Windows Analysis Report
Confirm Me.exe

Overview

General Information

Sample name: Confirm Me.exe
Analysis ID: 1526550
MD5: 9e1f57731569a5ccbd7526f3ae1c4b50
SHA1: 1c7915b594ea634885c57c2281a8ce77483f1961
SHA256: f659219bbbb50593d0cd629ccf48faca878b444162b14863854480a7c9289266
Tags: exe, user-JolefanM
Infos:

Detection

STRRAT
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected STRRAT
AI detected suspicious sample
Connects to a pastebin service (likely for C&C)
Found API chain indicative of debugger detection
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • Confirm Me.exe (PID: 6972 cmdline: "C:\Users\user\Desktop\Confirm Me.exe" MD5: 9E1F57731569A5CCBD7526F3AE1C4B50)
    • install.exe (PID: 5988 cmdline: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe MD5: 5ECD826BABBEBDD959456C471DEC6465)
      • javaw.exe (PID: 6524 cmdline: "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\LICENSE;jre\README.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\THIRDPARTYLICENSEREADME-JAVAFX.txt;jre\THIRDPARTYLICENSEREADME.txt;jre\Welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher MD5: 48C96771106DBDD5D42BBA3772E4B414)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: javaw.exe PID: 6524 | JoeSecurity_STRRAT | Yara detected STRRAT | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 97.0% probability
    Source: Confirm Me.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\README.txt
    Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME.txt
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll
    Source: unknownHTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.5:49778 version: TLS 1.2
    Source: Confirm Me.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\policytool_objs\policytool.pdb source: Confirm Me.exe, 00000000.00000003.2186844213.000000000277C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmanagement\management.pdby: source: Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libkcms\kcms.pdb source: Confirm Me.exe, 00000000.00000003.2172830819.0000000002770000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdb source: Confirm Me.exe, 00000000.00000003.2165813508.0000000002772000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C4D
    Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_00402930 FindFirstFileW,0_2_00402930
    Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_0040689E FindFirstFileW,FindClose,0_2_0040689E
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0097A3A5 __getdrive,FindFirstFileExA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,_free,___loctotime64_t,_free,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,4_2_0097A3A5
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_00975225 FindFirstFileA,FindNextFileA,_strlen,_strlen,_strlen,_memmove,_memmove,FindClose,4_2_00975225
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\lib\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\

    Networking

    Source: unknown DNS query: name: pastebin.com
    Source: Joe Sandbox View IP Address: 104.20.3.235
    Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
    Source: Joe Sandbox View JA3 fingerprint: 2db6873021f2a95daa7de0d93a1d1bf2
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic DNS traffic detected: DNS query: pastebin.com
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm 
Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl#
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
    Source: Confirm Me.exe, 00000000.00000003.2073849307.000000000277B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://download.oracle.com/javase/7/docs/technotes/guides/plugin/
    Source: Confirm Me.exe, 00000000.00000003.2161732222.00000000028F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://icl.com/saxon
    Source: Confirm Me.exe, 00000000.00000003.2161732222.00000000028F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
    Source: Confirm Me.exe, 00000000.00000003.2127170220.0000000002772000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2375058158.000000006E3E3000.00000002.00000001.01000000.0000000A.sdmp, javaw.exe, 00000004.00000002.2356527969.0000000009E1C000.00000004.00001000.00020000.00000000.sdmp, java.dll.0.drString found in binary or memory: http://java.oracle.com/
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/jaxp/xpath/dom
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/jaxp/xpath/dom;l
    Source: Confirm Me.exe, 00000000.00000003.2135311826.000000000277A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/products/jpda
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/
    Source: javaw.exe, 00000004.00000002.2361017795.0000000014DA6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-check
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage=
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource;
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/)
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
    Source: javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace3
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/
    Source: javaw.exe, 00000004.00000002.2361017795.0000000014C9B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A46F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
    Source: javaw.exe, 00000004.00000002.2361017795.0000000014C9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd9
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
    Source: javaw.exe, 00000004.00000002.2361017795.0000000014DA6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A46F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
    Source: Confirm Me.exe, 00000000.00000003.2114974237.0000000002775000.00000004.00000020.00020000.00000000.sdmp, fxplugins.dll.0.drString found in binary or memory: http://javafx.com/
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A2B7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javafx.com/fxml/1
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A2B7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javafx.com/javafx/8
    Source: Confirm Me.exe, 00000000.00000003.2114974237.0000000002775000.00000004.00000020.00020000.00000000.sdmp, fxplugins.dll.0.drString found in binary or memory: http://javafx.com/vp6decoderflvdemux
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTDR
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalStylesheet
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMResult/feature
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMSource/feature
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXResult/feature#
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXSource/feature
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, jfr.jar.0.drString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilter
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature0
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXResult/feature
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXSource/feature
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXSource/feature#
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamResult/feature8
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamSource/feature
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamSource/feature6
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: Confirm Me.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2364658631.000000001644C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://null.sun.com/
    Source: Confirm Me.exe, 00000000.00000002.2302744590.000000000040C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.example.net:80
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm 
Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
    Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://openjdk.java.net/jeps/220).
    Source: Confirm Me.exe, 00000000.00000003.2072751855.0000000002770000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://oss.oracle.com/projects/gstreamer-mods/
    Source: Confirm Me.exe, 00000000.00000003.2072751855.0000000002770000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://oss.oracle.com/projects/webkit-java-mods/
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.comC
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://relaxngcc.sf.net/).
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A5E8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A5E8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/C
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm 
Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm 
Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
    Source: Confirm Me.exe, 00000000.00000003.2072751855.0000000002770000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.msn.com/docs/siteowner.aspx.
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A5E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://site.com/
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm 
Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0f
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm 
Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm 
Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tartarus.org/~martin/PorterStemmer
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crls
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm 
Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm 
Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm 
Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://upx.sourceforge.net/upx-license.html.
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://upx.tsx.org
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wildsau.idv.uni-linz.ac.at/mfx/upx.html
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2072751855.0000000002770000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2072751855.0000000002770000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crls
    Source: javaw.exe, 00000004.00000002.2351020651.0000000004C46000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A5E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ecma-international.org
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ecma-international.org/memento/codeofconduct.htm
    Source: Confirm Me.exe, 00000000.00000003.2121246597.0000000002779000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ifpi.org/isrc/
    Source: Confirm Me.exe, 00000000.00000003.2161732222.00000000028F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jclark.com/xt
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.linuxnet.com
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nexus.hu/upx
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
    Source: jfr.jar.0.drString found in binary or memory: http://www.oracle.com/hotspot/jdk/
    Source: jfr.jar.0.drString found in binary or memory: http://www.oracle.com/hotspot/jfr-info/
    Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmp, jfr.jar.0.drString found in binary or memory: http://www.oracle.com/hotspot/jvm/
    Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.oracle.com/hotspot/jvm/java/monitor/address
    Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/code_sweeper/id
    Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/compiler/id
    Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/gc/id
    Source: javaw.exe, 00000004.00000002.2364389357.0000000016411000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A5E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javafx/index.html
    Source: Confirm Me.exe, 00000000.00000003.2193499543.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javase/downloads/index.html
    Source: Confirm Me.exe, 00000000.00000003.2073849307.000000000277B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javase/overview/
    Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javaseproducts/
    Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javaseproducts/C:
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/is-standalone
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions=
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo%
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit#
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bmc
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A675000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A5E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sgi.com/software/opensource/cid/license.html
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sgi.com/software/opensource/glx/license.html.
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm 
Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm 
Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/Public/
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/Public/.
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/cldr/data/.
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/copyright.html.
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/reports/
    Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xfree86.org/)
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.apache.org/xalan
    Source: javaw.exe, 00000004.00000002.2361017795.0000000014D69000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.apache.org/xpath/features/whitespace-pre-stripping
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.apache.org/xslt
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/P
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
    Source: javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD7
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entities
    Source: javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entitiesYo
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-parameter-entities
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces=
    Source: javaw.exe, 00000004.00000002.2362196887.00000000155A1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A46F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/string-interning
    Source: javaw.exe, 00000004.00000002.2362196887.00000000155A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/string-interningfeature
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/use-entity-resolver2
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/validation
    Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/validation?
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/lexical-handler
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/xml-string
    Source: javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/xml-string?
    Source: Confirm Me.exe, 00000000.00000003.2161732222.00000000028F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/
    Source: Confirm Me.exe, 00000000.00000003.2161732222.00000000028F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/Templates:
    Source: Confirm Me.exe, 00000000.00000003.2161732222.00000000028F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/namespace
    Source: Confirm Me.exe, 00000000.00000003.2161732222.00000000028F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxpath
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
    Source: javaw.exe, 00000004.00000002.2364389357.00000000163B0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/TsSaltan/DevelNext-jURL/releases/latest
    Source: javaw.exe, 00000004.00000002.2356527969.0000000009ED3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/gson
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.coms
    Source: javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/WhdMR234
    Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
    Source: unknown HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.5:49778 version: TLS 1.2
    Source: C:\Users\user\Desktop\Confirm Me.exeCode function: 0_2_00405705 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405705
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_6B3F6800 GetKeyboardState,4_2_6B3F6800
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_6ADD2BF6 _Java_sun_security_mscapi_KeyStore_storePrivateKey@20,CryptAcquireContextA,GetLastError,CryptImportKey,4_2_6ADD2BF6
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_6ADD2D25 _Java_sun_security_mscapi_RSASignature_importPublicKey@16,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptImportKey,4_2_6ADD2D25
    Source: C:\Users\user\Desktop\Confirm Me.exeCode function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040351C
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exeCode function: String function: 00406E10 appears 37 times
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: String function: 00978A72 appears 35 times
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: String function: 0097DB40 appears 40 times
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: String function: 6B404026 appears 177 times
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: String function: 6B403DC6 appears 34 times
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: String function: 6B403F81 appears 217 times
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: String function: 6B3AEA57 appears 132 times
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: String function: 00973BA3 appears 49 times
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: String function: 6B403D9C appears 107 times
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: String function: 6B3FF4BC appears 215 times
    Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamektab.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejfxmedia.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedecora_sse.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejjs.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejavaw.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameklist.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejfr.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefontmanager.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejavaws.exeX vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesplashscreen.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprism_sw.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameJavaAccessBridge-32.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemlib_image.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameresource.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemanagement.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameawt.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejaas_nt.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2161732222.00000000028F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejfxwebkit.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedeploy.dllX vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsAccessBridge-32.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprism_d3d.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenpt.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2130612947.000000000277B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejavafx_font.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2193499543.00000000027D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamessv.dllX vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2177737342.000000000277F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelcms.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2184133514.0000000002777000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenet.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2135311826.000000000277A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejdwp.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2166511343.000000000277D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejp2native.dllX vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2109755976.000000000277B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedcpr.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2170077141.000000000277F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejsdt.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2191177168.000000000277A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamermiregistry.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2127860611.000000000277E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejava.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2131468702.0000000002775000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejavafx_font_t2k.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2171101964.0000000002776000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejsound.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2134492627.000000000277D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejawt.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2164017536.0000000002775000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejli.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2169273331.0000000002776000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejpeg.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2172830819.0000000002770000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecmm.dll^ vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2185814089.0000000002771000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameorbd.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2127170220.0000000002772000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejava.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2190587949.0000000002775000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamermid.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2168135670.000000000277C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejp2ssv.dllX vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2123475901.000000000277F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamej2pcsc.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2183367662.0000000002777000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcr120.dll^ vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2105009235.0000000002772000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameJavaAccessBridge.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2102696019.0000000002770000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameJAWTAccessBridge-32.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2112138274.000000000277D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedt_socket.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2103096731.0000000002770000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameJAWTAccessBridge.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2186844213.000000000277C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepolicytool.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2187677469.000000000277A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprism_common.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2122048543.0000000002773000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamehprof.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2164971000.0000000002778000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejp2iexp.dllX vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2111585981.0000000002778000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedt_shmem.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2171917868.0000000002775000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejsoundds.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2123933808.0000000002770000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamej2pkcs11.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2115977249.0000000002773000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameglass.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2191839179.0000000002777000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameservertool.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2174055178.000000000277C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekeytool.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2175087733.0000000002779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekinit.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2186297923.0000000002778000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepack200.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2106535004.0000000002772000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsAccessBridge.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2180498787.0000000002770000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp120.dll^ vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2128456389.000000000277B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejava_crw_demo.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2182045877.0000000002770000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcr100_clr0400.dll^ vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2122874503.0000000002779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameinstrument.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2109082232.000000000277E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamebci.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2121246597.0000000002779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegstreamer-lite.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2165813508.0000000002772000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejp2launcher.exeX vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2130000619.0000000002773000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejavacpl.exeX vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2112822739.000000000277E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeula.dllX vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2125754785.000000000277B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejava-rmi.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2119978601.00000000027AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameglib-lite.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2132216215.0000000002779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejavafx_iio.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2125094328.0000000002773000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejabswitch.exeN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2114974237.0000000002775000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefxplugins.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2184692925.000000000277B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenio.dllN vs Confirm Me.exe
    Source: Confirm Me.exe, 00000000.00000003.2129267673.0000000002778000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejavacpl.cplX vs Confirm Me.exe
    Source: Confirm Me.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: classification engine Classification label: mal60.troj.evad.winEXE@5/218@1/1
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Code function: 3_2_00401ED0 GetLastError,puts,ShellExecuteA,printf,fclose,MessageBoxA,FormatMessageA,strlen,strcat,LocalFree,fprintf,fprintf,fprintf,3_2_00401ED0
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD22F9 _Java_sun_security_mscapi_RSACipher_findCertificateUsingAlias@16,CertOpenSystemStoreA,GetLastError,CertGetNameStringA,CertEnumCertificatesInStore,CertGetNameStringA,??2@YAPAXI@Z,CertGetNameStringA,strcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,4_2_6ADD22F9
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD20B5 _Java_sun_security_mscapi_KeyStore_removeCertificate@24,CertOpenSystemStoreA,??2@YAPAXI@Z,CertCreateCertificateContext,GetLastError,CertFindCertificateInStore,CertGetNameStringA,CertGetNameStringA,??2@YAPAXI@Z,CertGetNameStringA,strcmp,CertDeleteCertificateFromStore,GetLastError,4_2_6ADD20B5
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD13AC _Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateChains@12,CertOpenSystemStoreA,GetLastError,CertEnumCertificatesInStore,CryptAcquireCertificatePrivateKey,CryptGetUserKey,CryptReleaseContext,CryptSetKeyParam,CertGetPublicKeyLength,CertGetNameStringA,??2@YAPAXI@Z,CertGetNameStringA,CryptGetKeyParam,CertFreeCertificateChain,4_2_6ADD13AC
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD1D4B _Java_sun_security_mscapi_KeyStore_storeCertificate@40,CertOpenSystemStoreA,??2@YAPAXI@Z,CertCreateCertificateContext,GetLastError,??2@YAPAXI@Z,memcpy,CertSetCertificateContextProperty,CryptGetProvParam,CryptGetProvParam,??2@YAPAXI@Z,CryptGetProvParam,??2@YAPAXI@Z,mbstowcs,CryptGetProvParam,??2@YAPAXI@Z,CryptGetProvParam,??2@YAPAXI@Z,mbstowcs,CryptGetProvParam,CryptGetKeyParam,CertSetCertificateContextProperty,CertAddCertificateContextToStore,GetLastError,4_2_6ADD1D4B
    Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040351C
    Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_004049B1 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004049B1
    Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_004021CF CoCreateInstance,0_2_004021CF
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Code function: 3_2_00404740 FindResourceExA,LoadResource,LockResource,fprintf,FindResourceExA,LoadResource,LockResource,fprintf,strchr,strlen,strcpy,FindResourceExA,LoadResource,LockResource,fprintf,strchr,strlen,strcpy,strncpy,strlen,strcat,strncpy,strlen,strcat,FindResourceExA,LoadResource,LockResource,atoi,SetLastError,SetLastError,SetLastError,strcpy,fprintf,FindResourceExA,LoadResource,LockResource,atoi,strcpy,fprintf,fprintf,SetLastError,SetLastError,fprintf,3_2_00404740
    Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Mutant created: NULL
    Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Local\Temp\nszF341.tmp
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Command line argument: 1.8 4_2_00971000
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Command line argument: 1.8.0_101-b13 4_2_00971000
    Source: Confirm Me.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\Confirm Me.exe File read: C:\Users\desktop.ini
    Source: C:\Users\user\Desktop\Confirm Me.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: javaw.exe String found in binary or memory: sun/launcher/LauncherHelper
    Source: javaw.exe String found in binary or memory: -help
    Source: C:\Users\user\Desktop\Confirm Me.exe File read: C:\Users\user\Desktop\Confirm Me.exe
    Source: unknown Process created: C:\Users\user\Desktop\Confirm Me.exe "C:\Users\user\Desktop\Confirm Me.exe"
    Source: C:\Users\user\Desktop\Confirm Me.exe Process created: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Process created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\LICENSE;jre\README.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\THIRDPARTYLICENSEREADME-JAVAFX.txt;jre\THIRDPARTYLICENSEREADME.txt;jre\Welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: dwmapi.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: oleacc.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: ntmarta.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: shfolder.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Section loaded: wldp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: acgenral.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: winmm.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: samcli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: msacm32.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: version.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: userenv.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: dwmapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: urlmon.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: mpr.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: sspicli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: winmmbase.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: iertutil.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: srvcli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: netutils.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: aclayers.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: sfc.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: sfc_os.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: acgenral.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: winmm.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: samcli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: msacm32.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: version.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: userenv.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dwmapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: urlmon.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: mpr.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: sspicli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: winmmbase.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: iertutil.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: srvcli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: netutils.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: aclayers.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: sfc.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: sfc_os.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: wsock32.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: wldp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: profapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dpapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: mswsock.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dhcpcsvc6.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dhcpcsvc.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: d3d9.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: d3d10warp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: resourcepolicyclient.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dxcore.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dwrite.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: windowscodecs.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dataexchange.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: d3d11.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dcomp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dxgi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: twinapi.appcore.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: textinputframework.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: coreuicomponents.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: coremessaging.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: ntmarta.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: wintypes.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: napinsp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: pnrpnsp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: wshbth.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: nlaapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: winrnr.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\Confirm Me.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
    Source: Confirm Me.exe Static file information: File size 48457393 > 1048576
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll
    Source: Confirm Me.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libt2k\t2k.pdb source: t2k.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjli\jli.pdb source: Confirm Me.exe, 00000000.00000003.2164017536.0000000002775000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge\JavaAccessBridge.pdb source: Confirm Me.exe, 00000000.00000003.2105009235.0000000002772000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libinstrument\instrument.pdb source: Confirm Me.exe, 00000000.00000003.2122874503.0000000002779000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb source: Confirm Me.exe, 00000000.00000003.2112822739.000000000277E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdb source: Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjawtaccessbridge-32\JAWTAccessBridge-32.pdb source: Confirm Me.exe, 00000000.00000003.2102696019.0000000002770000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libwindowsaccessbridge\WindowsAccessBridge.pdb source: Confirm Me.exe, 00000000.00000003.2106535004.0000000002772000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libj2pkcs11\j2pkcs11.pdb source: Confirm Me.exe, 00000000.00000003.2123933808.0000000002770000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libwindowsaccessbridge-32\WindowsAccessBridge-32.pdb source: Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libj2pcsc\j2pcsc.pdb source: Confirm Me.exe, 00000000.00000003.2123475901.000000000277F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: Confirm Me.exe, 00000000.00000003.2185814089.0000000002771000.00000004.00000020.00020000.00000000.sdmp, orbd.exe.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb98 source: Confirm Me.exe, 00000000.00000003.2128456389.000000000277B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\rmid_objs\rmid.pdb source: Confirm Me.exe, 00000000.00000003.2190587949.0000000002775000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsplashscreen\splashscreen.pdb source: Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb) source: Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, JavaAccessBridge-32.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\keytool_objs\keytool.pdb source: Confirm Me.exe, 00000000.00000003.2174055178.000000000277C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb source: Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, JavaAccessBridge-32.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjsound\jsound.pdbIC source: Confirm Me.exe, 00000000.00000003.2171101964.0000000002776000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2ssv\obj\jp2ssv.pdb source: Confirm Me.exe, 00000000.00000003.2168135670.000000000277C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\kinit_objs\kinit.pdb source: Confirm Me.exe, 00000000.00000003.2175087733.0000000002779000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdbic source: Confirm Me.exe, 00000000.00000003.2184692925.000000000277B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2374873004.000000006E087000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnpt\npt.pdb source: Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb@ source: Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb source: Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdcpr\dcpr.pdb source: Confirm Me.exe, 00000000.00000003.2109755976.000000000277B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libhprof_jvmti\hprof.pdb source: Confirm Me.exe, 00000000.00000003.2122048543.0000000002773000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjdwp\jdwp.pdbI source: Confirm Me.exe, 00000000.00000003.2135311826.000000000277A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\jjs_objs\jjs.pdb source: Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: Confirm Me.exe, 00000000.00000003.2191839179.0000000002777000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdb source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb0 source: Confirm Me.exe, 00000000.00000003.2112822739.000000000277E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdb source: Confirm Me.exe, 00000000.00000003.2184692925.000000000277B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2374873004.000000006E087000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2iexp\obj\jp2iexp.pdb source: Confirm Me.exe, 00000000.00000003.2164971000.0000000002778000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: msvcr120.i386.pdb source: Confirm Me.exe, 00000000.00000003.2183367662.0000000002777000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2372853891.000000006BF41000.00000020.00000001.01000000.0000000E.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_socket\dt_socket.pdb source: Confirm Me.exe, 00000000.00000003.2112138274.000000000277D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacpl\obj\javacpl.pdb4 source: Confirm Me.exe, 00000000.00000003.2129267673.0000000002778000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: Confirm Me.exe, 00000000.00000003.2186297923.0000000002778000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: msvcp120.i386.pdb source: Confirm Me.exe, 00000000.00000003.2180498787.0000000002770000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, javaw.exe, 00000004.00000002.2372515366.000000006BEC1000.00000020.00000001.01000000.0000000F.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_shmem\dt_shmem.pdb source: Confirm Me.exe, 00000000.00000003.2111585981.0000000002778000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjfr\jfr.pdb source: Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjawt\jawt.pdb source: Confirm Me.exe, 00000000.00000003.2134492627.000000000277D000.00000004.00000020.00020000.00000000.sdmp, jawt.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\rmiregistry_objs\rmiregistry.pdb source: Confirm Me.exe, 00000000.00000003.2191177168.000000000277A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjaas\jaas_nt.pdb source: Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjawtaccessbridge\JAWTAccessBridge.pdb source: Confirm Me.exe, 00000000.00000003.2103096731.0000000002770000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb source: Confirm Me.exe, 00000000.00000003.2128456389.000000000277B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb source: Confirm Me.exe, 00000000.00000003.2127170220.0000000002772000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2375058158.000000006E3E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjsdt\jsdt.pdb source: Confirm Me.exe, 00000000.00000003.2170077141.000000000277F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjpeg\jpeg.pdb source: Confirm Me.exe, 00000000.00000003.2169273331.0000000002776000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\klist_objs\klist.pdb source: Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacpl\obj\javacpl.pdb source: Confirm Me.exe, 00000000.00000003.2129267673.0000000002778000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnet\net.pdb source: Confirm Me.exe, 00000000.00000003.2184133514.0000000002777000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2373233269.000000006C07D000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libbci\bci.pdb source: Confirm Me.exe, 00000000.00000003.2109082232.000000000277E000.00000004.00000020.00020000.00000000.sdmp, bci.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libverify\verify.pdb source: javaw.exe, 00000004.00000002.2375515849.000000006F976000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacplexec\obj\javacpl.pdb source: Confirm Me.exe, 00000000.00000003.2130000619.0000000002773000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java_objs\java.pdb source: Confirm Me.exe, 00000000.00000003.2127860611.000000000277E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2iexp\obj\jp2iexp.pdb< source: Confirm Me.exe, 00000000.00000003.2164971000.0000000002778000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, javaw.exe, 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp, javaw.exe, 00000004.00000000.2300773769.000000000098C000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb8^DkdwBk source: javaw.exe, 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: Confirm Me.exe, 00000000.00000003.2125754785.000000000277B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb source: Confirm Me.exe, 00000000.00000003.2177737342.000000000277F000.00000004.00000020.00020000.00000000.sdmp, lcms.dll.0.dr
    Source: Binary string: msvcr100.i386.pdb source: Confirm Me.exe, 00000000.00000003.2182045877.0000000002770000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2374421523.000000006C461000.00000020.00000001.01000000.00000007.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\ssv\obj\ssv.pdb source: Confirm Me.exe, 00000000.00000003.2193499543.0000000002778000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjdwp\jdwp.pdb source: Confirm Me.exe, 00000000.00000003.2135311826.000000000277A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libzip\zip.pdb source: javaw.exe, 00000004.00000002.2375253895.000000006E4AA000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacplexec\obj\javacpl.pdb0 source: Confirm Me.exe, 00000000.00000003.2130000619.0000000002773000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmlib_image\mlib_image.pdb source: Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, mlib_image.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb$ source: javaw.exe, 00000004.00000002.2371383744.000000006ADF3000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb source: javaw.exe, 00000004.00000002.2371383744.000000006ADF3000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\deploy.pdb source: Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\jabswitch\jabswitch.pdb source: Confirm Me.exe, 00000000.00000003.2125094328.0000000002773000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdbP*A source: Confirm Me.exe, 00000000.00000003.2165813508.0000000002772000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdbPfC source: Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2native\obj\jp2native.pdb source: Confirm Me.exe, 00000000.00000003.2166511343.000000000277D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjsound\jsound.pdb source: Confirm Me.exe, 00000000.00000003.2171101964.0000000002776000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjfr\jfr.pdby* source: Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb'% source: Confirm Me.exe, 00000000.00000003.2127170220.0000000002772000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2375058158.000000006E3E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmlib_image\mlib_image.pdb9 source: Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, mlib_image.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb8^ source: Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunmscapi\sunmscapi.pdb source: javaw.exe, 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: tnameserv.exe.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libhprof_jvmti\hprof.pdbi source: Confirm Me.exe, 00000000.00000003.2122048543.0000000002773000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libresource\resource.pdb source: Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb* source: Confirm Me.exe, 00000000.00000003.2177737342.000000000277F000.00000004.00000020.00020000.00000000.sdmp, lcms.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnpt\npt.pdbY" source: Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb source: Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmanagement\management.pdb source: Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjsoundds\jsoundds.pdb source: Confirm Me.exe, 00000000.00000003.2171917868.0000000002775000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjpeg\jpeg.pdbi source: Confirm Me.exe, 00000000.00000003.2169273331.0000000002776000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\policytool_objs\policytool.pdb source: Confirm Me.exe, 00000000.00000003.2186844213.000000000277C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmanagement\management.pdby: source: Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libkcms\kcms.pdb source: Confirm Me.exe, 00000000.00000003.2172830819.0000000002770000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdb source: Confirm Me.exe, 00000000.00000003.2165813508.0000000002772000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_00974DC6 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,4_2_00974DC6
    Source: jfxwebkit.dll.0.dr Static PE information: section name: .unwante
    Source: prism_sw.dll.0.dr Static PE information: section name: _RDATA
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0098F4AD pushad ; ret 4_2_0098F4AE
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0098F8EC push cs; iretd 4_2_0098F9C2
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0098F9EE push cs; iretd 4_2_0098F9C2
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0098FB9E push ebx; ret 4_2_0098FB9F
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0097DB85 push ecx; ret 4_2_0097DB98
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_009807ED push edi; ret 4_2_009807EE
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD2EB5 push ecx; ret 4_2_6ADD2EC8
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADF23F5 push ecx; ret 4_2_6ADF2408
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6B4048B5 push ecx; ret 4_2_6B4048C8
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6B404026 push ecx; ret 4_2_6B404039
    Source: msvcr100.dll.0.dr Static PE information: section name: .text entropy: 6.90903234258047
    Source: msvcr100.dll0.0.dr Static PE information: section name: .text entropy: 6.90903234258047
    Source: msvcr120.dll.0.dr Static PE information: section name: .text entropy: 6.95576372950548
    Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\README.txt
    Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME.txt
    Source: C:\Users\user\Desktop\Confirm Me.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6B36AD60 rdtsc 4_2_6B36AD60
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\splashscreen.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2launcher.exeJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\orbd.exeJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_iio.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pcsc.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jdwp.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsoundds.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr120.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\npjp2.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\klist.exeJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\keytool.exeJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmid.exeJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcp120.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\management.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\npdeployJava1.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glass.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.exeJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jaas_nt.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\t2k.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\mlib_image.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge-32.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_common.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\hprof.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsdt.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack200.exeJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ktab.exeJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\w2k_lsa_auth.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\instrument.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font_t2k.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pkcs11.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\client\jvm.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\resource.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jjs.exeJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\eula.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\pack200.exeJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsound.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jpeg.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java-rmi.exeJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\deployJava1.dllJump to dropped file
    Source: C:\Users\user\Desktop\Confirm Me.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\msvcr100.dllJump to dropped file
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_4-59958
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeAPI coverage: 1.8 %
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_6B3C4604 GetKeyboardLayout followed by cmp: cmp ax, cx and CTI: jne 6B3C4627h4_2_6B3C4604
    Source: C:\Users\user\Desktop\Confirm Me.exeCode function: 0_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C4D
    Source: C:\Users\user\Desktop\Confirm Me.exeCode function: 0_2_00402930 FindFirstFileW,0_2_00402930
    Source: C:\Users\user\Desktop\Confirm Me.exeCode function: 0_2_0040689E FindFirstFileW,FindClose,0_2_0040689E
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_0097A3A5 __getdrive,FindFirstFileExA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,_free,___loctotime64_t,_free,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,4_2_0097A3A5
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_00975225 FindFirstFileA,FindNextFileA,_strlen,_strlen,_strlen,_memmove,_memmove,FindClose,4_2_00975225
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeFile opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeFile opened: C:\Users\user\AppData\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeFile opened: C:\Users\user\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeFile opened: C:\Users\user\AppData\Roaming\InstallerPDW\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeFile opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\lib\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeFile opened: C:\Users\user\AppData\Roaming\
    Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: l{constant pool}code cache C-heap hand metaspace chunks dict zone strs syms heap threads [Verifying Genesis-2147483648Unable to link/verify Finalizer.register methodUnable to link/verify ClassLoader.addClass methodProtectionDomain.impliesCreateAccessControlContext() has the wrong linkageUnable to link/verify Unsafe.throwIllegalAccessError methodJava heap space: failed reallocation of scalar replaced objectsGC overhead limit exceededRequested array size exceeds VM limitCompressed class spaceJava heap spaceUnable to link/verify VirtualMachineError classC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\oops\arrayKlass.cpp[]guarantee(component_mirror()->klass() != NULL) failedshould have a classC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\gc_interface/collectedHeap.inline.hpp - length: %dguarantee(a->length() >= 0) failedarray with negative length?guarantee(obj->is_array()) failedmust be arrayshould be klassguarantee(is_constantPool()) failedvtable restored by this call<pseudo-string> cache=0x%08x (extra) for /operands[%d]/preresolutionconstant pool [%d]A constant pool lockC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\oops\constantPool.cppguarantee(!ConstantPool::is_invokedynamic_index(which)) failedan invokedynamic instruction does not have a klassRESOLVE %s %s
    Source: javaw.exe, 00000004.00000003.2301973931.0000000014C6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
    Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmp, classlist.0.drBinary or memory string: java/lang/VirtualMachineError
    Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: Unable to link/verify VirtualMachineError class
    Source: Confirm Me.exe, 00000000.00000003.2135311826.000000000277A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JVM version %s (%s, %s)<unknown>VirtualMachineImpl.cRedefineClassesGetTopThreadGroupsJNI_FALSENewStringUTF;DeleteWeakGlobalRefsignature bagsignaturesclassTrack.cloaded classesclassTrack tableNewWeakGlobalRefsignatureKlassNodeAttempting to insert duplicate classloaded classes arraySetTagcommonRef.cDeleteGlobalRefFreeing %d (%x)
    Source: Confirm Me.exe, 00000000.00000003.2135311826.000000000277A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VirtualMachineImpl.c
    Source: javaw.exe, 00000004.00000003.2301973931.0000000014C6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: org/omg/CORBA/OMGVMCID.classPK
    Source: javaw.exe, 00000004.00000002.2350571854.0000000002600000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cjava/lang/VirtualMachineError
    Source: javaw.exe, 00000004.00000002.2350571854.0000000002600000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: t[Ljava/lang/VirtualMachineError;
    Source: javaw.exe, 00000004.00000003.2301973931.0000000014C6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: )Q+com/sun/corba/se/impl/util/SUNVMCID.classPK
    Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: _well_known_klasses[SystemDictionary::VirtualMachineError_klass_knum]
    Source: javaw.exe, 00000004.00000003.2301973931.0000000014C6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: java/lang/VirtualMachineError.classPK
    Source: javaw.exe, 00000004.00000002.2350234267.0000000000D3B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlll
    Source: javaw.exe, 00000004.00000002.2350571854.0000000002600000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lVirtualMachineError.java
    Source: C:\Users\user\Desktop\Confirm Me.exeAPI call chain: ExitProcess graph end nodegraph_0-3618
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeAPI call chain: ExitProcess graph end nodegraph_4-59959

    Anti Debugging

    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_4-59674
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_6B36AD60 rdtsc 4_2_6B36AD60
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_0097D15B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0097D15B
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_00974DC6 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,4_2_00974DC6
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_00987E87 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,4_2_00987E87
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exeCode function: 3_2_00401150 SetUnhandledExceptionFilter,__getmainargs,_iob,_iob,_setmode,_iob,_iob,_setmode,__p__fmode,__p__environ,_cexit,ExitProcess,3_2_00401150
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_009796E8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_009796E8
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_0097EF37 SetUnhandledExceptionFilter,4_2_0097EF37
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_6ADD2E44 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_2_6ADD2E44
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_6ADF1A72 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_2_6ADF1A72
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeMemory protected: page read and write | page guard
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exeProcess created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\LICENSE;jre\README.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\THIRDPARTYLICENSEREADME-JAVAFX.txt;jre\THIRDPARTYLICENSEREADME.txt;jre\Welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exeProcess created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "c:\users\user\appdata\roaming\installerpdw\jre\bin\javaw.exe" -dfile.encoding=utf-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\copyright;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\license;jre\readme.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\thirdpartylicensereadme-javafx.txt;jre\thirdpartylicensereadme.txt;jre\welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.fxlauncher
    Source: Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [mwndProcID was NULL in mainLoop()wndProc(JIJJ)JNULL != hIcon../../src/common/windows/native/WindowsJavaTrayIcon.cppTrayNotifyWndShell_TrayWndUnable to Start Java Plug-in Control Panel%s\javacpl.exeJava Sys Tray
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: GetLocaleInfoW,_wtoi,GetACP,4_2_6B3E69B7
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: _Java_sun_awt_windows_WPageDialogPeer__1show@8,__EH_prolog3_catch,memset,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,wcscmp,free,GlobalLock,_control87,_control87,_control87,_control87,GlobalUnlock,_CxxThrowException,GlobalLock,GlobalUnlock,4_2_6B3EEC97
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_0097F719 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,4_2_0097F719
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_0098819A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,SetOaNoCache,4_2_0098819A
    Source: C:\Users\user\Desktop\Confirm Me.exeCode function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040351C
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara matchFile source: Process Memory Space: javaw.exe PID: 6524, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara matchFile source: Process Memory Space: javaw.exe PID: 6524, type: MEMORYSTR
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 4_2_6B368450 ?NotifyAdapterEventListeners@D3DPipelineManager@@SAXIJ@Z,_JNU_GetEnv@8,JNU_CallStaticMethodByName,4_2_6B368450
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact
    Credentials | Domains | Default Accounts | 13 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 11 Input Capture | 22 Encrypted Channel | Exfiltration Over Bluetooth | 1 System Shutdown/Reboot
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 12 Process Injection | 3 Obfuscated Files or Information | Security Account Manager | 25 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Install Root Certificate | NTDS | 131 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement


    Source | Detection | Scanner | Label | Link
    Confirm Me.exe | 3% | ReversingLabs | |
    Confirm Me.exe | 4% | Virustotal | | Browse
    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | 3% | ReversingLabs | |
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    pastebin.com | 0% | Virustotal | | Browse
    Source | Detection | Scanner | Label | Link
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    pastebin.com | 104.20.3.235 | true | true | | unknown
    Name | Source | Malicious | Antivirus Detection | Reputation
                                                          http://oss.oracle.com/projects/webkit-java-mods/Confirm Me.exe, 00000000.00000003.2072751855.0000000002770000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                          http://www.sgi.com/software/opensource/glx/license.html.Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                          http://apache.org/xml/properties/internal/validator/dtdDjavaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                          http://tartarus.org/~martin/PorterStemmerConfirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                          http://download.oracle.com/javase/7/docs/technotes/guides/plugin/Confirm Me.exe, 00000000.00000003.2073849307.000000000277B000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                          http://www.oracle.com/feature/use-service-mechanismjavaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmpfalseunknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.20.3.235 | pastebin.com | United States | 13335 | CLOUDFLARENETUS | true
                                                          Joe Sandbox version:41.0.0 Charoite
                                                          Analysis ID:1526550
                                                          Start date and time:2024-10-06 09:31:09 +02:00
                                                          Joe Sandbox product:CloudBasic
                                                          Overall analysis duration:0h 10m 8s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                          Number of analysed new started processes analysed:6
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Sample name:Confirm Me.exe
                                                          Detection:MAL
                                                          Classification:mal60.troj.evad.winEXE@5/218@1/1
                                                          EGA Information:
                                                          • Successful, ratio: 100%
                                                          HCA Information:
                                                          • Successful, ratio: 97%
                                                          • Number of executed functions: 68
                                                          • Number of non-executed functions: 375
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .exe
                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                                          No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.20.3.235 | sostener.vbs | malicious | Njrat | pastebin.com/raw/V9y5Q5vv
 | SX8OLQP63C.exe | malicious | VjW0rm, AsyncRAT, RATDispenser | pastebin.com/raw/V9y5Q5vv
 | sostener.vbs | malicious | Remcos | pastebin.com/raw/V9y5Q5vv
 | New Voicemail Invoice 64746w .js | malicious | WSHRAT | pastebin.com/raw/NsQ5qTHr
 | Invoice-883973938.js | malicious | WSHRAT | pastebin.com/raw/NsQ5qTHr
 | 2024 12_59_31 a.m..js | malicious | WSHRAT | pastebin.com/raw/NsQ5qTHr
 | PendingInvoiceBankDetails.JS.js | malicious | WSHRAT | pastebin.com/raw/NsQ5qTHr
Match | Associated Sample Name / URL | Detection | Threat Name | Context
pastebin.com | ra66DSpa.exe | malicious | XWorm | 104.20.4.235
 | tMREqVW0.exe | malicious | XWorm | 104.20.3.235
 | wSVyC8FY.exe | malicious | XWorm | 172.67.19.24
 | vb.vbs | malicious | AsyncRAT, PureLog Stealer | 104.20.3.235
 | tYeFOUhVLd.exe | malicious | RedLine | 104.20.3.235
 | SKMBT_77122012816310TD0128_17311_XLS.vbs | malicious | Remcos | 104.20.4.235
 | sostener.vbs | malicious | Njrat | 104.20.4.235
 | sostener.vbs | malicious | XWorm | 104.20.4.235
 | 3.dll | malicious | Unknown | 104.20.3.235
 | 6.dll | malicious | Unknown | 104.20.4.235
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | file.exe | malicious | LummaC | 172.67.151.30
 | updater.exe | malicious | Xmrig | 172.67.162.29
 | file.exe | malicious | LummaC | 172.67.151.30
 | http://www.grandsignatureyercaud.com/ | malicious | Unknown | 104.21.51.144
 | http://www.nesianlife.com/ | malicious | Unknown | 104.18.39.195
 | https://daf2019.com/8/02 | malicious | Unknown | 172.65.190.172
 | https://wtm.entree-plat-dessert.com/r/eNqtj01vgkAQhn8NvVXcL1gOplGBqgUraGrx0gC7iquAwqLVX99Ve2iT9ubMHN6ZyeSd56hbEBqA6oCbGCPCAQM0phBhC7IUJHBp4phQznVAEdGxSfQEotRYwjYyKWMGQTFoQwMCK4mxCmupt1U2+lPTyaTc1RrqatBVxVmLF7Li/HG3jeUj43XNK9lKy/yyRy7nGrJv32jQUHf2UdkpuVfSXC6C9bAo5mAqNzN3IcLBoB0KacxNSptTOZpGXmrlfX/q7OFn8n7yUEaceiRW/VPoRudGgwT2crMOCCGr4Xl86V1zIgp5juC1sfd2lCXe8KU7Pryth8GiG+RWUUQEilF2skVEzh6ejS3PwcBeGTPfB5zNXTo5YPHsrF+vDscJq+zellaxHwrkrW62I0kdAcp+Qvz5oCw3ySY+bGyF1sj8oy6bKr2wF9vvSc7ZusnVJOMx49UDSzt34P9N/4P9DuR/cP9H/QVY0sG | malicious | Unknown | 188.114.96.3
 | https://blmphilly.com/ | malicious | Unknown | 172.66.0.227
 | https://wtm.entree-plat-dessert.[…] | malicious | Unknown | 172.67.186.254
 | https://wtm.entree-plat-dessert.[…] | malicious | Unknown | 104.18.38.76
Match | Associated Sample Name / URL | Detection | Threat Name | Context
2db6873021f2a95daa7de0d93a1d1bf2 | 123.sfx.exe | malicious | STRRAT | 104.20.3.235
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | PInstaller.exe | malicious | STRRAT |
C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge-32.dll | PInstaller.exe | malicious | STRRAT |
 | 123.sfx.exe | malicious | STRRAT |
 | EYOFFTITMDLXZJFFCCGFDTBIY.msi | malicious | Unknown |
 | SSCBOLGZFXVJMEICRNQMJOCDIF.msi | malicious | Unknown |
 | BOCTGZXINFFCD20242108.msi | malicious | Unknown |
 | PGCTGZXFCD20242008.msi | malicious | Unknown |
 | CloudInstaller.zip | malicious | Unknown |
 | uChcvn3L6R.exe | malicious | DCRat |
 | uChcvn3L6R.exe | malicious | DCRat |
 | Advanced_IP_Scanner_2.5.4594.1 (1).exe | malicious | Unknown |
                                                                                Process:C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):65
                                                                                Entropy (8bit):4.870154690111824
                                                                                Encrypted:false
                                                                                SSDEEP:3:oNUkh4EaKC5FXmhFtkin:oN9aZ5FXmftfn
                                                                                MD5:E690C7D365EC261B7B873A88D80C693F
                                                                                SHA1:F37FCF6036562BF6DD350B8790FFBA69AF57EE1D
                                                                                SHA-256:4D54275665A91F8B84510BEEDE2D9E32534DE8DC84B9B3DA5F7A995EF39F07DD
                                                                                SHA-512:A23754F6935B3F5A483687904E488B26F8FA91AD3F05330C61BAA4AC1A52B5B3E13221F519F3698D38FBBC6056324793A86D5909DE9A8766367E68D08650B8A2
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Preview:C:\Users\user\AppData\Roaming\InstallerPDW\jre..1728199946302..
                                                                                Process:C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):65536
                                                                                Entropy (8bit):1.379907052385195
                                                                                Encrypted:false
                                                                                SSDEEP:96:K6Crml8GJMUlNkUXnS+g0DJuwtmjw+JsSCaucrplhdq7VYvGs2U:K6h8GaUlWU60ltmhetcrplhdq7VYvG
                                                                                MD5:56FBCCECF0F28AADDE2EF096C41CAB0D
                                                                                SHA1:3FCE53EB576871B50E21D0F84BBE40E6A70604A4
                                                                                SHA-256:40E7F25BD44D0E2D6C49146F33605C60F9194BD568FD29554A5801E33B80B647
                                                                                SHA-512:B3E13A833D20DB3E1E7A3EE59E0D0757A88A2FF6B8DAFA04BC6A7392AA55233A2C02F4AE23A269E1466A4D935A7E4F455DA0F87A9027CD4E8C49D43FB0D38BBD
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Preview:.........;.............. .......8...........J...0...sun.rt._sync_Inflations.....-.......8...........J...0...sun.rt._sync_Deflations.....+.......@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..:.......@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..5.......8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):139264
                                                                                Entropy (8bit):4.666971952850818
                                                                                Encrypted:false
                                                                                SSDEEP:1536:JZ2FWSNhd/4131iP08SKKAP7wBwp8wZtE:r2ddQ131ispKJP7w2p
                                                                                MD5:5ECD826BABBEBDD959456C471DEC6465
                                                                                SHA1:F94A596B742C0653FF7201469F133108F17B46E9
                                                                                SHA-256:B2BE43C010BC0D268A42A11296829E088D7EEF81CC39BFCDC0B9F0E9A65717EA
                                                                                SHA-512:30563A15786F245E4A7FF1B8996F302DBF4B1D4950098D6899815B5065D3058B290A81B6564C19C85CFCD425C08C9F6BAC5BC31BA95773978F9A9C5CDE123D38
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                Joe Sandbox View:
                                                                                • Filename: PInstaller.exe, Detection: malicious, Browse
                                                                                Reputation:low
                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v.f.................b........................@..................................1....@... ..............................0.......@..F............................................................................2...............................text....`.......b.................. .0`.data...@............f..............@.0..rdata...............h..............@.0@.bss....0.............................0..idata.......0.......n..............@.0..rsrc...F....@.......z..............@.0.................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ISO-8859 text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):3313
                                                                                Entropy (8bit):4.557128068430301
                                                                                Encrypted:false
                                                                                SSDEEP:96:a58tiSm9iicC7CRRS9i7cq11iUDcsMLks0h9n:WOi59rcF/Cigq11iUD5MLks0z
                                                                                MD5:FC605D978E7825595D752DF2EF03F8AF
                                                                                SHA1:C493C9541CAAEE4BFE3B3E48913FD9DF7809299F
                                                                                SHA-256:7D697EAA9ACF50FE0B57639B3C62FF02916DA184F191944F49ECA93D0BB3374F
                                                                                SHA-512:FB811DE6A2B36B28CA904224EA3525124BD4628CA9618C70EB9234AB231A09C1B1F28D9B6301581A4FA2E20F1036D5E1C3D6F1BF316C7FE78EF6EDEAE50EA40E
                                                                                Malicious:false
                                                                                Reputation:moderate, very likely benign file
                                                                                Preview:Copyright . 1993, 2016, Oracle and/or its affiliates...All rights reserved.....This software and related documentation are provided under a..license agreement containing restrictions on use and..disclosure and are protected by intellectual property laws...Except as expressly permitted in your license agreement or..allowed by law, you may not use, copy, reproduce, translate,..broadcast, modify, license, transmit, distribute, exhibit,..perform, publish, or display any part, in any form, or by..any means. Reverse engineering, disassembly, or..decompilation of this software, unless required by law for..interoperability, is prohibited.....The information contained herein is subject to change..without notice and is not warranted to be error-free. If you..find any errors, please report them to us in writing.....If this is software or related documentation that is..delivered to the U.S. Government or anyone licensing it on..behalf of the U.S. Government, the following notice is..applicable:...
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):41
                                                                                Entropy (8bit):4.271470906740504
                                                                                Encrypted:false
                                                                                SSDEEP:3:c3AXFshzhRSkv:c9hzhgkv
                                                                                MD5:67CB88F6234B6A1F2320A23B197FA3F6
                                                                                SHA1:877ACEBA17B28CFFF3F5DF664E03B319F23767A1
                                                                                SHA-256:263E21F4B43C118A8B4C07F1A8ACB11CAFC232886834433E34187F5663242360
                                                                                SHA-512:4D43E5EDECAB92CEBD853204C941327DCCBFD071A71F066C12F7FB2F1B2DEF59C37A15CE05C4FE06EC2EA296B8630C4E938254A8A92E149E4A0A82C4307D648F
                                                                                Malicious:false
                                                                                Reputation:moderate, very likely benign file
                                                                                Preview:Please refer to http://java.com/license..
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):47
                                                                                Entropy (8bit):4.2563005536211715
                                                                                Encrypted:false
                                                                                SSDEEP:3:c3AXFshzhRSkjn:c9hzhgkjn
                                                                                MD5:4BDA1F1B04053DCFE66E87A77B307BB1
                                                                                SHA1:B8B35584BE24BE3A8E1160F97B97B2226B38FA7D
                                                                                SHA-256:FD475B1619675B9FB3F5CD11D448B97EDDEE8D1F6DDCCA13DED8BC6E0CAA9CF3
                                                                                SHA-512:997CEE676018076E9E4E94D61EC94D5B69B148B3152A0148E70D0BE959533A13AD0BC1E8B43268F91DB08B881BF5050A6D5C157D456597260A2B332A48068980
                                                                                Malicious:false
                                                                                Reputation:moderate, very likely benign file
                                                                                Preview:Please refer to http://java.com/licensereadme..
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):111645
                                                                                Entropy (8bit):4.8590909329531025
                                                                                Encrypted:false
                                                                                SSDEEP:1536:iiVRF8bLuepEvc5O5YwT3JJ4WOHHA/AFjrlHyEepdfZ9JIH4gDq:dRMiCOjJJ4pg/0Hx9MlZ9KH47
                                                                                MD5:0E05BD8B9BFCF17F142445D1F8C6561C
                                                                                SHA1:CF0A9F4040603008891AA0731ABF89CE2403F2FB
                                                                                SHA-256:C3EA3996241B8E9AE7DB3780E470174076FD2003D8AEFAA77BF0BAB5E04DE050
                                                                                SHA-512:07C7865D31D22BA0C68E384AFEDC22261F7B3A82BEBC9324145FF7F631623ECA2DC31C71CDBBFC9FEBC1733451A095302DE2A0877821A5B68038E350969BF460
                                                                                Malicious:false
                                                                                Preview:.DO NOT TRANSLATE OR LOCALIZE....***************************************************************************....%%The following software may be included in this product:..Microsoft DirectShow - Base Classes....Use of any of this software is governed by the terms of the license below:....MSDN - Information on Terms of Use....Updated: February 13, 2008....ON THIS PAGE.... * ACCEPTANCE OF TERMS.. * PRIVACY AND PROTECTION OF PERSONAL INFORMATION.. * NOTICE SPECIFIC TO APIs AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO SOFTWARE AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO DOCUMENTATION AVAILABLE ON THIS WEB SITE.. * NOTICES REGARDING SOFTWARE, DOCUMENTATION, APIS AND SERVICES AVAILABLE ON..THIS WEB SITE.. * RESERVATION OF RIGHTS.. * MEMBER ACCOUNT, PASSWORD, AND SECURITY.. * NO UNLAWFUL OR PROHIBITED USE.. * USE OF SERVICES.. * MATERIALS PROVIDED TO MICROSOFT OR POSTED AT ANY MICROSOFT WEB SITE.. * NOTICES AND PROCEDURE FOR MAKING CLAIMS OF COP
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):180668
                                                                                Entropy (8bit):5.064180003233063
                                                                                Encrypted:false
                                                                                SSDEEP:3072:54ct+BcF1N7m8arf1kHRSusX2NyJ9KH4PF4j52eTjLAzE7GzmCK+XNhalQxkM8QB:N7mtrf1GhMF4j5RMGQoyzaXmR
                                                                                MD5:0E87879F452892B85C81071A1DDD5A2A
                                                                                SHA1:2CF97C1A84374A6FBBD5D97FE1B432FA799C3B19
                                                                                SHA-256:9C18836FD0B5E4B0C57CFFDB74574FA5549085C3B327703DC8EFE4208F4E3321
                                                                                SHA-512:10BA68FFD9DEAB10A0B200707C3AF9E95E27AED004F66F049D41310CB041B7618EE017219C848912D5951599208D385BCB928DD33175652101C7E5BC2E3EBA5B
                                                                                Malicious:false
                                                                                Preview:DO NOT TRANSLATE OR LOCALIZE...-----------------------------....%% This notice is provided with respect to ASM Bytecode Manipulation ..Framework v5.0.3, which may be included with JRE 8, and JDK 8, and ..OpenJDK 8.....--- begin of LICENSE ---....Copyright (c) 2000-2011 France T.l.com..All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:....1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holders nor the names of its.. contributors may be used to endorse or promote products derived from.. this software without specific prior written
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):983
                                                                                Entropy (8bit):5.135635144562017
                                                                                Encrypted:false
                                                                                SSDEEP:24:+STATDcxWpAVjXQ5cjaJ2gjQo4OSED6R8R/TtDpM:+STATD7pqjXBeJdso4OnxRc
                                                                                MD5:3CB773CB396842A7A43AD4868A23ABE5
                                                                                SHA1:ACE737F039535C817D867281190CA12F8B4D4B75
                                                                                SHA-256:F450AEE7E8FE14512D5A4B445AA5973E202F9ED1E122A8843E4DC2D4421015F0
                                                                                SHA-512:6058103B7446B61613071C639581F51718C12A9E7B6ABD3CF3047A3093C2E54B2D9674FAF9443570A3BB141F839E03067301FF35422EB9097BD08020E0DD08A4
                                                                                Malicious:false
                                                                                Preview:<html>..<head>..<title>..Welcome to the Java(TM) Platform..</title>..</head>..<body>....<h2>Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Platform</h2>..<p> Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Standard Edition Runtime .. Environment. This provides complete runtime support for Java applications. ..<p> The runtime environment includes the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> .. Plug-in product which supports the Java environment inside web browsers. ..<h3>References</h3>..<p>..See the <a href="http://download.oracle.com/javase/7/docs/technotes/guides/plugin/">Java Plug-in</a> product..documentation for more information on using the Java Plug-in product...<p> See the <a href=.."http://www.oracle.com/technetwork/java/javase/overview/"..>Java Platform</a> web site for .. more information on the Java Platform. ..<hr>..<font size="-2">..Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved...</font>..<p>..</body>..</html>..
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):247787
                                                                                Entropy (8bit):7.915391305945515
                                                                                Encrypted:false
                                                                                SSDEEP:6144:p+30cnH7ihlQT+uRm0C/vL7cvRurEQ9oTo4/1pC:p+3VnYo+WkvsJuApo4/1k
                                                                                MD5:F5AD16C7F0338B541978B0430D51DC83
                                                                                SHA1:2EA49E08B876BBD33E0A7CE75C8F371D29E1F10A
                                                                                SHA-256:7FBFFBC1DB3422E2101689FD88DF8384B15817B52B9B2B267B9F6D2511DC198D
                                                                                SHA-512:82E6749F4A6956F5B8DD5A5596CA170A1B7FF4E551714B56A293E6B8C7B092CBEC2BEC9DC0D9503404DEB8F175CBB1DED2E856C6BC829411C8ED311C1861336A
                                                                                Malicious:false
                                                                                Preview:PK........RT.IcT..............META-INF/MANIFEST.MF.....T]o.0.}G...x.6.......L.T..X_'.\..3.....h....).}r...zF.[.6.3(.........G..LFl. .....z4....4.A@*"........5&.....=..Ah^`.I....N.3......y1#.s.r.5h...D.J7.....s..2..4.05H5.{...A..|.,...}..C....'.tT.g.d.}..I../.....8.2&.w.........+.."..`c.y._...?..9.{........L3.0.....M...6..T.x.R.tQ..+#...`4.K..)f.L.5.^..(..22U....-.#.5Qdj.......n.e=5$..$b."...sA!..D....OO..fNg.... ui.2...=....-..R.G..E..V3..G..m.i..L...f.......8.`......^........!...`5.0V.%?...D&.Iy5.....?...V.._..m.T..B.:..-..Ng)%....}o.w._PK........RT.I................org/..PK........RT.I................org/objectweb/..PK........RT.I................org/objectweb/asm/..PK........RT.I............)...org/objectweb/asm/AnnotationVisitor.class..]O.`.....(+.....:']...`L..b...../.4M..R.~...&.%...~(.9m...3{..?...y....??....]..@E. .v.P.{b..w.'.....'.;......~....qt.^.i.....><.....}.&a..u..&l..{..u. ..........s'3..(L_.^.>.z...uU.<$(..9I.......'......'.........
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):14912
                                                                                Entropy (8bit):6.141852308272967
                                                                                Encrypted:false
                                                                                SSDEEP:192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J
                                                                                MD5:D63933F4E279A140CC2A941CCFF38348
                                                                                SHA1:75169BE2E9BCFE20674D72D43CA6E2BC4A5A9382
                                                                                SHA-256:532D049E0D7A265754902C23B0F150D665A78A3D6FE09AD51C9BE8C29D574A3D
                                                                                SHA-512:D7A5023A5EB9B0C3B2AD6F55696A166F07FA60F9D1A12D186B23AAAACC92EF948CB5DFFA013AFC90C4BBE3DE077D591185902384F677D0BAE2FF7CFD5DB5E06C
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Joe Sandbox View:
                                                                                • Filename: PInstaller.exe, Detection: malicious
                                                                                • Filename: 123.sfx.exe, Detection: malicious
                                                                                • Filename: EYOFFTITMDLXZJFFCCGFDTBIY.msi, Detection: malicious
                                                                                • Filename: SSCBOLGZFXVJMEICRNQMJOCDIF.msi, Detection: malicious
                                                                                • Filename: BOCTGZXINFFCD20242108.msi, Detection: malicious
                                                                                • Filename: PGCTGZXFCD20242008.msi, Detection: malicious
                                                                                • Filename: CloudInstaller.zip, Detection: malicious
                                                                                • Filename: uChcvn3L6R.exe, Detection: malicious
                                                                                • Filename: Advanced_IP_Scanner_2.5.4594.1 (1).exe, Detection: malicious
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):14912
                                                                                Entropy (8bit):6.1347115439165085
                                                                                Encrypted:false
                                                                                SSDEEP:192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728
                                                                                MD5:B4EB9B43C293074406ADCA93681BF663
                                                                                SHA1:16580FB7139D06A740F30D34770598391B70AC96
                                                                                SHA-256:8CD69AF7171F24D57CF1E6D0D7ACD2B35B4EA5FDF55105771141876A67917C52
                                                                                SHA-512:A4E999E162B5083B6C6C3EAFEE4D84D1EC1C61DCA6425F849F352FFDCCC2E44DFEE0625C210A8026F9FF141409EEBF9EF15A779B26F59B88E74B6A2CE2E82EF9
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):128064
                                                                                Entropy (8bit):6.428684952829155
                                                                                Encrypted:false
                                                                                SSDEEP:3072:uN77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mn:uNXd178+5fJZnQLo
                                                                                MD5:2F808ED0642BD5CF8D4111E0AF098BBB
                                                                                SHA1:006163A07052F3D227C2E541691691B4567F5550
                                                                                SHA-256:61DFB6126EBA8D5429F156EAAB24FF30312580B0ABE4009670F1DD0BC64F87BB
                                                                                SHA-512:27DBDA3A922747A031FF7434DE5A596725FF5AE2BC6DD83D6D5565EB2BA180B0516896323294459997B545C60C9E06DA6C2D8DD462A348A6759A404DB0F023A7
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):127552
                                                                                Entropy (8bit):6.413283221897154
                                                                                Encrypted:false
                                                                                SSDEEP:3072:SdQ4jWJt4XChlFavveKSQ4gHK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8ShM:Sy4SJ1TFavvehc7ZnwEr
                                                                                MD5:C3DED5F41E28FAF89338FB46382E4C3E
                                                                                SHA1:6F77920776D39550355B146D672C199A3941F908
                                                                                SHA-256:4691603DFABE6D7B7BEAC887DADC0E96243C2FF4F9A88CE3793E93356C53AA08
                                                                                SHA-512:23621F2856899F40CFA9858DC277372BFE39F0205377543EB23E94422D479A53FDF664F4A9A4515C2285811F01D91AB64A834A03A4D3AB0CB7D78F8AF11135FF
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):97856
                                                                                Entropy (8bit):6.467907542894502
                                                                                Encrypted:false
                                                                                SSDEEP:1536:/fHGbDtpt+WfGegcX30EJ4YHiYmRkgAPe+GP8uWg1kQOPt:/w2WfGe/30EWbY4Z+GpWuHOPt
                                                                                MD5:F78D2BF2C551BE9DF6A2F3210A2964C1
                                                                                SHA1:B6A4160ECA4C0D0552234FF69BCFDF45F0A2A352
                                                                                SHA-256:9D18E5421A8606985FA54D7CEA921D1B8930358A2E4CDF5FDF2A8B3E4D857288
                                                                                SHA-512:AAC8622683BE57518F8B03198A03BF1F760E082692C1FB6252E96CDBA19D3CEB0A6786CCBD7B98830E865297308FA99DBBEA464E41041ABDDA18AEB862BA993F
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):95808
                                                                                Entropy (8bit):6.48897048228647
                                                                                Encrypted:false
                                                                                SSDEEP:1536:EHSB4i2hJwZaDEoDVzkhbyJCAqn9nV+1vkJnHBoY8BK5Hj:EJJwZWEoDVYby81yiBovkHj
                                                                                MD5:E5A6231FE1E6FEC5F547DFD845D209BC
                                                                                SHA1:3F21F90ECC377B6099637D5B59593D2415450D45
                                                                                SHA-256:51355EA8A7DC238483C8069361776103779CE9FE3CD0267770E321E6E4368366
                                                                                SHA-512:D5D20DF0089F3217B627D39ABD57C61E026D0DC537022FB698F85FA6893C7FA348C40295DEEC78506F0EF608827D39E2F6F3538818BA25E2A0EE1145FCC95940
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):1182272
                                                                                Entropy (8bit):6.63089480914076
                                                                                Encrypted:false
                                                                                SSDEEP:24576:68M4H6ioDs5FELnSbY6Ck2IlAnVCXQlFg3:9eaGnkXQlFQ
                                                                                MD5:159CCF1200C422CED5407FED35F7E37D
                                                                                SHA1:177A216B71C9902E254C0A9908FCB46E8D5801A9
                                                                                SHA-256:30EB581C99C8BCBC54012AA5E6084B6EF4FCEE5D9968E9CC51F5734449E1FF49
                                                                                SHA-512:AB3F4E3851313391B5B8055E4D526963C38C4403FA74FB70750CC6A2D5108E63A0E600978FA14A7201C48E1AFD718A1C6823D091C90D77B17562B7A4C8C40365
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):15424
                                                                                Entropy (8bit):6.380726588633652
                                                                                Encrypted:false
                                                                                SSDEEP:384:1Td3hw/L3kKLnYgIOGOOssnPV5Lnf6onYPLr7EbH:1zw/bkKLt7KnddnfPC7S
                                                                                MD5:A46289384F76C2A41BA7251459849288
                                                                                SHA1:4D8EF96EDBE07C8722FA24E4A5B96EBFA18BE2C4
                                                                                SHA-256:728D64BC1FBF48D4968B1B93893F1B5DB88B052AB82202C6840BF7886A64017D
                                                                                SHA-512:34D62BEB1FA7D8630F5562C1E48839CE9429FAEA980561E58076DF5F19755761454EEB882790EC1035C64C654FC1A8CD5EB46ECA12E2BC81449ACBB73296C9E8
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):1447
                                                                                Entropy (8bit):4.228834598358894
                                                                                Encrypted:false
                                                                                SSDEEP:24:+3AKdmzfuv6pBSyGJkR/4o6kn2SRGehD+GrspGC/hLRra:BzMUBLGJkBA+RGeV+GrspGC/TO
                                                                                MD5:F4188DEB5103B6D7015B2106938BFA23
                                                                                SHA1:8E3781A080CD72FDE8702EB6E02A05A23B4160F8
                                                                                SHA-256:BD54E6150AD98B444D5D24CEA9DDAFE347ED11A1AAE749F8E4D59C963E67E763
                                                                                SHA-512:0BE9A00A48CF8C7D210126591E61531899502E694A3C3BA7C3235295E80B1733B6F399CAE58FB4F7BFF2C934DA7782D256BDF46793F814A5F25B7A811D0CB2E3
                                                                                Malicious:false
                                                                                Preview: -Xmixed mixed mode execution (default).. -Xint interpreted mode execution only.. -Xbootclasspath:<directories and zip/jar files separated by ;>.. set search path for bootstrap classes and resources.. -Xbootclasspath/a:<directories and zip/jar files separated by ;>.. append to end of bootstrap class path.. -Xbootclasspath/p:<directories and zip/jar files separated by ;>.. prepend in front of bootstrap class path.. -Xnoclassgc disable class garbage collection.. -Xincgc enable incremental garbage collection.. -Xloggc:<file> log GC status to a file with time stamps.. -Xbatch disable background compilation.. -Xms<size> set initial Java heap size.. -Xmx<size> set maximum Java heap size.. -Xss<size> set java thread stack size.. -Xprof output cpu profiling data.. -Xfuture enable strictest checks, an
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):3857984
                                                                                Entropy (8bit):6.850425436805504
                                                                                Encrypted:false
                                                                                SSDEEP:98304:GyXul1SNceWfkD000V3wnIACM7g6cv/GZ:Q1SgfEP0ZwnIA97dcv/GZ
                                                                                MD5:39C302FE0781E5AF6D007E55F509606A
                                                                                SHA1:23690A52E8C6578DE6A7980BB78AAE69D0F31780
                                                                                SHA-256:B1FBDBB1E4C692B34D3B9F28F8188FC6105B05D311C266D59AA5E5EC531966BC
                                                                                SHA-512:67F91A75E16C02CA245233B820DF985BD8290A2A50480DFF4B2FD2695E3CF0B4534EB1BF0D357D0B14F15CE8BD13C82D2748B5EDD9CC38DC9E713F5DC383ED77
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):142912
                                                                                Entropy (8bit):7.350682736920136
                                                                                Encrypted:false
                                                                                SSDEEP:3072:aoGzTjLkRPQ9U9NuLqcNicj5ojGylYCE2Iu2jGLF5A9bE8LUekfCz:LGz/oRPGLJN1IGgYCE2L1F5A9bEGUeR
                                                                                MD5:4BDC32EF5DA731393ACC1B8C052F1989
                                                                                SHA1:A677C04ECD13F074DE68CC41F13948D3B86B6C19
                                                                                SHA-256:A3B35CC8C2E6D22B5832AF74AAF4D1BB35069EDD73073DFFEC2595230CA81772
                                                                                SHA-512:E71EA78D45E6C6BD08B2C5CD31F003F911FD4C82316363D26945D17977C2939F65E3B9748447006F95C3C6653CE30D2CDA67322D246D43C9EB892A8E83DEB31A
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):64064
                                                                                Entropy (8bit):6.338192715882019
                                                                                Encrypted:false
                                                                                SSDEEP:1536:Skh2CQuUlng7qkKi5iO8pm8cN9qOU33oit:Skkhu0nTli5jN8cNAOUHnt
                                                                                MD5:B04ABE76C4147DE1D726962F86473CF2
                                                                                SHA1:3104BADA746678B0A88E5E4A77904D78A71D1AB8
                                                                                SHA-256:07FF22E96DCFD89226E5B85CC07C34318DD32CDA23B7EA0474E09338654BFEB3
                                                                                SHA-512:2E4E2FEB63B6D7388770D8132A880422ABF6A01941BFF12CAD74DB4A641BDA2DCC8BF58F6DAE90E41CC250B79E7956DDF126943E0F6200272F3376A9A19505F1
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):453184
                                                                                Entropy (8bit):6.516599034237354
                                                                                Encrypted:false
                                                                                SSDEEP:6144:3J/sbugq7rm5zX2JDYfiA9+wvpsEWcIGnFm8iTFOBITfnvxIW1x8:3JUbzq+5zX25qvdfnFm88nvq+x8
                                                                                MD5:5EDAEFFC60B5F1147068E4A296F6D7FB
                                                                                SHA1:7D36698C62386449A5FA2607886F4ADF7FB3DEEF
                                                                                SHA-256:87847204933551F69F1CBA7A73B63A252D12EF106C22ED9C561EF188DFFCBAE8
                                                                                SHA-512:A691EF121D3AC17569E27BB6DE4688D3506895B1A1A8740E1F16E80EEFCE70BA18B9C1EFD6FD6794FAFC59BA2CAF137B4007FCDC65DDB8BCBFCF42C97B13535B
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):25152
                                                                                Entropy (8bit):6.627329311560644
                                                                                Encrypted:false
                                                                                SSDEEP:384:0mgNWEfK0RiC4qxJL8VI6ZEPG5Vv/11nYPLr7N:H6WmK0RiSxJ4VI6W+zbC7N
                                                                                MD5:72B7054811A72D9D48C95845F93FCD2C
                                                                                SHA1:D25F68566E11B91C2A0989BCC64C6EF17395D775
                                                                                SHA-256:D4B63243D1787809020BA6E91564D17FFEA4762AF99201E241F4ECD20108D2E8
                                                                                SHA-512:C6A16DAAF856939615DFDE8E9DBE9D5BFC415507011E85E44C6BF88B17B705C35CD7CED8EDA8F358745063F41096938D128DEE17E14FE93252E5B046BDFCDDC0
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):21568
                                                                                Entropy (8bit):6.601333059222365
                                                                                Encrypted:false
                                                                                SSDEEP:384:QwiAYZIxsQbbRLEs5Ltd7rpPVJfq0nYPLr7Ko+:BiPZj+bVEmtd7rpdJfnC7J+
                                                                                MD5:73603BF0DC85CAA2F4C4A38B9806EC82
                                                                                SHA1:74EBC4F158936842840973F54AF50CDF46BC9096
                                                                                SHA-256:39EF85AB21F653993C8AAAB2A487E8909D6401A21F27CBA09283B46556FB16AF
                                                                                SHA-512:5C238D677D458D5B7D43FA3FF424E13B62ABFCEDE66D55E3112DC09BF2F7B640EB8F82D00E41A2C7A7E7B36E3FCE3C2DCB060037314418D329466CC462D0BF71
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):827456
                                                                                Entropy (8bit):6.022966185458799
                                                                                Encrypted:false
                                                                                SSDEEP:24576:E0NweWDjb28WNjE/lBy/pUbS3lYMpQIRrAOh3:7Wb5By/pUbouAQIRHh3
                                                                                MD5:E741028613B1FC49EC5A899BE6E3FC34
                                                                                SHA1:9EAE3D3CA22E92A925395A660B55CECB2EB62D54
                                                                                SHA-256:9163A546696E581D443B3A6250F61E5368BE984C69ADFB54EE2B0E51D0FA008E
                                                                                SHA-512:05C6CE707F4F0F415E74D32F1AACEC7E2C7746C3D04C75502EAECAFAF9E0108CE6206A8A3939C92EDCE449FFC0A68FB4389EDAA93D61920D1EC85327D1B3A55A
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):907328
                                                                                Entropy (8bit):6.160830535423145
                                                                                Encrypted:false
                                                                                SSDEEP:24576:ZyWOeRjqm9ZRI+Ga+fme7CV93+x6FQ3ge:VRAeMme7kA6F6ge
                                                                                MD5:4FD3548990CAF9771B688532DEF5DE48
                                                                                SHA1:567C27A4EA16775085D8E87A38FE58BEC4463F7D
                                                                                SHA-256:BDE5DF7BCFC35270B57A8982949BF5F25592A2E560A04E9868B84BEF83A0EA4B
                                                                                SHA-512:FD2CF2072A786293E30CD495BA06F4734F0CEA63CBC49B6D7A24F6891612375E48D1B5758D9408625E769E8A81C7C34F04278E011BCF47EDEB8C2AFC13AEC20C
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):109120
                                                                                Entropy (8bit):5.986571003903383
                                                                                Encrypted:false
                                                                                SSDEEP:1536:LE9WcstxlDgZ9EYDKg0nc6N3MR+EpOB+o+5PVT/B:ghspgZPDanhs+EpOBF+5PFB
                                                                                MD5:A5455B9BEB5672D89B1F0FCFAA4C79CA
                                                                                SHA1:9C7DBB5AD1CB3EBE7347A9CDDD80389902DA81EC
                                                                                SHA-256:89A429889DCD0F6A3FE56217A0FEB5912132AAB2817643021EAE3716DA533D4A
                                                                                SHA-512:131866A4754F4AF78A94F0776815E7EA4375736A4B11A723B87A4436FA101D271FFE14E4B49D3AB1AE2FA61CDBDED0C3D174C75327BE3C24E0E4CC39AFFA9469
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):223296
                                                                                Entropy (8bit):6.501845596055873
                                                                                Encrypted:false
                                                                                SSDEEP:6144:8P8OC0xbNXLJAEh4hijzud6kAgZkFGMReiDfbgOBI1:8P8OC0xbNXLJAEh4hijzud6kAgYGSA
                                                                                MD5:9D5EDECF7E33DDD0E2A6A0D34FC12CA1
                                                                                SHA1:FC228A80FF85D78AA5BFBA2515EFED3257B9B009
                                                                                SHA-256:6D817519C2E2EFDD3986EB655C1F687D4774730AB20768DF1C0AAEF03B110965
                                                                                SHA-512:B4D58D3415D0255DCD87EF413762BC0F2934AAA6C8151344266949D3DD549ABDCA1366FA751A988CDDC1430EBF5D17668ADF02096DD4D5EAFE75604C0DA0B4C9
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):151104
                                                                                Entropy (8bit):6.548096027649263
                                                                                Encrypted:false
                                                                                SSDEEP:3072:PPuiQNBInyjJ2y53/5d8n9e/ry7zOAHpyWWJd1u2TeKSNlGFGZQfVN2:iBInu2y5P5dkeDy7zOUpLJ2mHZQf2
                                                                                MD5:7A710F90A74981C2F060FA361D094822
                                                                                SHA1:FBDCA4E3F19AD5201572974E3C772A3C2694FBB3
                                                                                SHA-256:9BC52058C02E0C87A6A9470C62D1AA4F998942CC00F99A82E7805E87D958BC16
                                                                                SHA-512:928708DFF6A372BA997C072238823469CBFD28CCBB17A723AD35F851D35C6EFF82748AA41A9215955B9536A14AA57D47ABE0F1BA00D11F8D920A57F91B7A35E5
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):200768
                                                                                Entropy (8bit):6.431501859060678
                                                                                Encrypted:false
                                                                                SSDEEP:3072:lC0MaRHVsSduCCkNlKpR1FHNnuNcCwJPT54l2B3Fzkmldrz5ZD9hYJOj9T3iRK:s0XR1sYtxgGl2B3uWjhYJOj9TSY
                                                                                MD5:434CBB561D7F326BBEFFA2271ECC1446
                                                                                SHA1:3D9639F6DA2BC8AC5A536C150474B659D0177207
                                                                                SHA-256:1EDD9022C10C27BBBA2AD843310458EDAEAD37A9767C6FC8FDDAAF1ADFCBC143
                                                                                SHA-512:9E37B985ECF0B2FEF262F183C1CD26D437C8C7BE97AA4EC4CD8C75C044336CC69A56A4614EA6D33DC252FE0DA8E1BBADC193FF61B87BE5DCE6610525F321B6DC
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):400960
                                                                                Entropy (8bit):6.165546757090391
                                                                                Encrypted:false
                                                                                SSDEEP:6144:vxDvEpBGH7t7PB7Es7va/QdqOBYswIprNWhk+URpxfu4w7J:tvEpBGH7pN57vwQd6swIp5WhkRlfu4CJ
                                                                                MD5:767BBA46789597B120D01E48A685811E
                                                                                SHA1:D2052953DDE6002D590D0D89C2A052195364410A
                                                                                SHA-256:218D349986E2A0CD4A76F665434F455A8D452F1B27EAF9D01A120CB35DA13694
                                                                                SHA-512:86F7F7E87514DBC62C284083D66D5F250A24FC5CD7540AF573C3FB9D47B802BE5FFBBC709B638F8E066AB6E4BB396320F6E65A8016415366799C74772398B530
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):514112
                                                                                Entropy (8bit):6.805344203686025
                                                                                Encrypted:false
                                                                                SSDEEP:12288:Y5JbfdT5NYGe8m51QSWvopH1kdMDbA2ZoNnYX:Y5JV7eB3KopvnAe2YX
                                                                                MD5:8D0CE7151635322F1FE71A8CEA22A7D6
                                                                                SHA1:81E526D3BD968A57AF430ABB5F55A5C55166E579
                                                                                SHA-256:43C2AC74004F307117D80EE44D6D94DB2205C802AE6F57764810DEE17CFC914D
                                                                                SHA-512:3C78C0249B06A798106FEAF796AA61D3A849F379BD438BF0BB7BFED0DC9B7E7EA7DE689BC3874ED8B97FF2B3BA40265DED251896E03643B696EFDBF2E01AC88C
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):132672
                                                                                Entropy (8bit):6.708436670828807
                                                                                Encrypted:false
                                                                                SSDEEP:3072:HGBc2vf2AWlvx+Kre9vVv3CoLORljxWEXyB/NK3GyNf9:mxvffVvyo0X8NKW+1
                                                                                MD5:6376B76728E4A873B2BB7233CBCD5659
                                                                                SHA1:3BE08074527D5B5BC4A1DDCEC41375E3B3A8A615
                                                                                SHA-256:4FDF86D78ABC66B44B8AFF4BBCE1F2A5D6D9900767BE3CAAE450409924DBC5AD
                                                                                SHA-512:955E7C5AB735183B491A753710B6F598A142A2876DDAE5AD301C3DA82A65CE82238E0F20C9F558F80138D58F8DC00B4EBD21483CEED0AABEEDA32CCA5D2E3D48
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):115776
                                                                                Entropy (8bit):6.787384437276838
                                                                                Encrypted:false
                                                                                SSDEEP:1536:0LHPDcdivqC4xMfl/hAxfZ/t0QHQIM7iVxoQCpGlyir0wIOfnToIfemrVZQirM:0rPDco4xMNEfZ1LQG4igmvTBfem7QcM
                                                                                MD5:AB6ED0CFD0C52DBEDE1BE910EFA8A89B
                                                                                SHA1:83CBC2746A50C155261407ECE3D7A5C58AAD0437
                                                                                SHA-256:8A6FBB08E0F418A3BB80CC65233E7270C820741DD57525ED7FD3CC479A49396E
                                                                                SHA-512:41773183FC20E42BF208064163AA55658692B9221560146E4F6A676F96FC76541ED82F1EFDFA31F8C25BA42F271F7D9087DE681DA937BBF0EB2C781E027F1218
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):16448
                                                                                Entropy (8bit):6.490137326885244
                                                                                Encrypted:false
                                                                                SSDEEP:384:WCMJqfiSZzDonPV5TyVIbb8nYPLr7VblXT:WLJqrNkndQIsC7Vhj
                                                                                MD5:1F004C428E01F8BEB07B52EB9659A661
                                                                                SHA1:4D6AAB306CB1F4925890BF69FCDF32BBFE942B81
                                                                                SHA-256:1BDEFECDF8CFA3F6DA606AD4D8BD98EC81E4A244D459A141723CCB9DC47E57CB
                                                                                SHA-512:61888A778394950D2840E4D211196FFE1CB18FA45D092CBADBEDF2809BDED3D4421330CFE95392DD098E4AE3F6F8A3070E273FFCA2FB495C43C76332CA331DBF
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):51264
                                                                                Entropy (8bit):6.576803205025954
                                                                                Encrypted:false
                                                                                SSDEEP:1536:urOHh9t7/GAzqHcGxAARrZT9ixHDyo/r0rV9LrBH1bjPEwhEdheBwHWQFgE/XudL:G+9t7/qHcGHuy/pb
                                                                                MD5:3A744B78C57CFADC772C6DE406B6B31E
                                                                                SHA1:A89BF280453C0BCF8C987B351C168AEB3D7F7141
                                                                                SHA-256:629393079539B1B9849704CE4757714D1CBE5C80E82C6BB3BC4445F4854EFA7B
                                                                                SHA-512:506A147F33C09FA7338E0560F850E42139D0875EF48C297DDB3CC3A29F12822011915FACCB21DA908CF51A462F0EBA56B6B37C71D9C0F842BDE4A697FB4FFB64
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):19520
                                                                                Entropy (8bit):6.452867740862137
                                                                                Encrypted:false
                                                                                SSDEEP:384:45kF/QP8xkI6hgWIE0PVlyJSZ9nYPLr7+:4SqP7I6rkd4EfC7+
                                                                                MD5:503275E515E3F2770A62D11E386EADBF
                                                                                SHA1:C7BE65796AA0E490779F202C67EEC5E9FBB65113
                                                                                SHA-256:97B5D1C8E7AAACE5C86A418CB7418D3B0BA4F5E178DE3CF1031029F7F36832AF
                                                                                SHA-512:AC7C0CB626C2D821F0F4E392EE4E02C9E0093F019AA5B2947E0C7B3290A0098A3D9BB803AB44FD304CA1F1D272CFB7B775E3C75C72C7523FF7240F38440CFC3C
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):30784
                                                                                Entropy (8bit):6.413942547146628
                                                                                Encrypted:false
                                                                                SSDEEP:768:+HhfWinfwUFAvnb5TIUX+naSOu9MQQ5jhC7EY:cuin5FAvNTIUX+nbMQQ54EY
                                                                                MD5:530D5597E565654D378F3C87654CCABA
                                                                                SHA1:6FAC0866EE0E68149AC0A0D39097CEF8F93A5D9E
                                                                                SHA-256:0CFAA99AE669DDC00BD59B5857F725DFF5D4C09834E143AB1B5C5F0B5801D13B
                                                                                SHA-512:D7520A28C3054160FCD62C9D816A27266BE9333E00794434FB4529F0FF49A2B08E033B5E67A823E5C184EE2D19D7F615FF9EE643FE71C84011A7E5C03251F3B4
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):15936
                                                                                Entropy (8bit):6.466457942735197
                                                                                Encrypted:false
                                                                                SSDEEP:384:GpsbHnDiW6gejmSHhV8cGees7snYPLr7Wj53:GpsbHn/HS/8cresgC743
                                                                                MD5:CF2F023D2B5F0BFB2ECF8AEEA7C51481
                                                                                SHA1:6EB867B1AC656A0FC363DFAE4E2D582606D100FB
                                                                                SHA-256:355366D0C7D7406E2319C90DF2080C0FAE72D9D54E4563C48A09F55CA68D6B0C
                                                                                SHA-512:A2041925039238235ADC5FE8A9B818DFF577C6EA3C55A0DE08DA3DEDD8CD50DC240432BA1A0AEA5E8830DCDCCD3BFBF9CF8A4F21E9B56DC839E074E156FC008D
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):126528
                                                                                Entropy (8bit):6.8082748642937725
                                                                                Encrypted:false
                                                                                SSDEEP:3072:Kw2b3Kr+uWU9XzFhziJ1TBZAhsIn/B9NZwMgjeNXLD:43KFFheLCBpV/
                                                                                MD5:73BD0B62B158C5A8D0CE92064600620D
                                                                                SHA1:63C74250C17F75FE6356B649C484AD5936C3E871
                                                                                SHA-256:E7B870DEB08BC864FA7FD4DEC67CEF15896FE802FAFB3009E1B7724625D7DA30
                                                                                SHA-512:EBA1CF977365446B35740471882C5209773A313DE653404A8D603245417D32A4E9F23E3B6CD85721143D2F9A0E46ED330C3D8BA8C24AEE390D137F9B5CD68D8F
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):191040
                                                                                Entropy (8bit):6.75061028420578
                                                                                Encrypted:false
                                                                                SSDEEP:3072:iUJiEoGLsncZizZQ7QBdCPdG3TBfMzrjZqMNGSplN2:iUJsnVzy7QBdC1G3TBEvFp6
                                                                                MD5:E3E51A21B00CDDE757E4247257AA7891
                                                                                SHA1:7F9E30153F1DF738179FFF084FCDBC4DAE697D18
                                                                                SHA-256:7E92648B919932C0FBFE56E9645D785D9E18F4A608DF06E7C0E84F7CB7401B54
                                                                                SHA-512:FC2981A1C4B2A1A3E7B28F7BF2BE44B0B6435FD43F085120946778F5C2C2CA73AD179796DEC0B92F0C6C8F6B63DD329EECC0AF1BB15392364C209DCF9CD6F7CA
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):23616
                                                                                Entropy (8bit):6.620094371728742
                                                                                Encrypted:false
                                                                                SSDEEP:384:Qp2dG5pC/ujTc8ZrEnrZm8WXLFnPV52WZQAnYPLr7lOGa:uvCGjJ0Q9ndRZdC71a
                                                                                MD5:1C47DD47EBD106C9E2279C7FCB576833
                                                                                SHA1:3BA9B89D9B265D8CEC6B5D6F80F7A28D2030A2D1
                                                                                SHA-256:58914AD5737F2DD3D50418A89ABBB7B30A0BD8C340A1975197EEA02B9E4F25B2
                                                                                SHA-512:091F50B2E621ED80BAFE2541421906DE1BCC35A0E912055B93E40CD903BE8B474103C0D8FECDF46E7F2F3C44BDADE64A857AB2B9CB5404306055150EE4ED002A
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):160256
                                                                                Entropy (8bit):6.469497559123052
                                                                                Encrypted:false
                                                                                SSDEEP:3072:a2lpElIhbyyH3c1CX766zKELxKvFaPSnjZqMNJlGle:a2rE+xdW+76DEVKv8wv
                                                                                MD5:4E3C37A4DE0B5572D69AD79B7A388687
                                                                                SHA1:6B274E166641F9CE0170E99FE2D1F4319B75A9E8
                                                                                SHA-256:893A86E7B1DE81DEDAB4794732FCCD02790756A2DBE4815C102F039088DFCBD2
                                                                                SHA-512:8352A1CD859D17A27560448C6FFB0E8200096CAC744C8BB56330397FDE0B7F702E2295999D89FBAD74DF72DF200C391113A23A9B4342ABAC738167967533F9CD
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):70208
                                                                                Entropy (8bit):6.353501201479367
                                                                                Encrypted:false
                                                                                SSDEEP:768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg
                                                                                MD5:C2A59C7343D370BC57765896490331E5
                                                                                SHA1:A50AF979E08A65EB370763A7F70CDB0E179D705D
                                                                                SHA-256:40614FE8B91E01AD3562102E440BDBF5FAC5D9F7292C6B16A58F723BFFFE6066
                                                                                SHA-512:CA266F1B2E51F66D119E2D71E3377C229A3D583853FFB606C101AFEB41689ACE7D1F1594781091DA67F9BE9D09F3019BF048C0F819777E8F1827A56BEEC252C4
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):57408
                                                                                Entropy (8bit):6.6711491011490285
                                                                                Encrypted:false
                                                                                SSDEEP:1536:f6arRmcnq2lxm+Na6C7HIT6T8E2pLSSm3:fzm+q7HITS8E2pLSSA
                                                                                MD5:AEADA06201BB8F5416D5F934AAA29C87
                                                                                SHA1:35BB59FEBE946FB869E5DA6500AB3C32985D3930
                                                                                SHA-256:F8F0B1E283FD94BD87ABCA162E41AFB36DA219386B87B0F6A7E880E99073BDA3
                                                                                SHA-512:89BAD9D1115D030B98E49469275872FFF52D8E394FE3F240282696CF31BCCF0B87FF5A0E9A697A05BEFCFE9B24772D65ED73C5DBD168EED111700CAAD5808A78
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):446528
                                                                                Entropy (8bit):6.603555069382601
                                                                                Encrypted:false
                                                                                SSDEEP:12288:RreTVhY4gXwLR4YS+OX3kQg4O5kM2LY58gwDTxXvwGSelo:Rr4VhyK7eTxXvwelo
                                                                                MD5:8AE40822B18B10494527CA3842F821D9
                                                                                SHA1:202DFFA7541AD0FAD4F0D30CEE8C13591DCA5271
                                                                                SHA-256:C9742396B80A2241CE5309C388B80000D0786A3CAB06A37990B7690FD0703634
                                                                                SHA-512:AA324A265639C67843B4BF6828029B413044CBE4D7F06A253B78B060EA554FECC6E803D59D03742C485B2EB3D52E5C0A44928DCC927501F413EE4664BB8A11F5
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):126016
                                                                                Entropy (8bit):6.608910794554507
                                                                                Encrypted:false
                                                                                SSDEEP:3072:oOxjjADzd+aeaPB9JhjxkM2wzGdXJbD/jn8Y6:ocKzeaPB9JhjxknwzG5JbDb8F
                                                                                MD5:01706B7997730EAA9E2C3989A1847CA6
                                                                                SHA1:7CEAD73CBE94E824FA5E44429B27069384BFDB41
                                                                                SHA-256:20533C66C63DA6C2D4B66B315FFCF5C93AE5416E3DAE68CDD2047EFE7958AB3A
                                                                                SHA-512:3272C8DE6C32D53372D481441DA81AE2B6EA02E8360B23D7F793B24827BD683A6604F43BE18CE2BEE40038FBE7D5F7AF78B2C465A51F82478D881DBEB5744DC2
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):191552
                                                                                Entropy (8bit):6.744419946343284
                                                                                Encrypted:false
                                                                                SSDEEP:3072:lScg0xvhTZNIs3Ft+STckCBQo3C0Y22vncTBfsO9jZqMN3cH1Tefqk:lSclI6nTc3BQo3C0YHncTBxvs65
                                                                                MD5:48C96771106DBDD5D42BBA3772E4B414
                                                                                SHA1:E84749B99EB491E40A62ED2E92E4D7A790D09273
                                                                                SHA-256:A96D26428942065411B1B32811AFD4C5557C21F1D9430F3696AA2BA4C4AC5F22
                                                                                SHA-512:9F891C787EB8CEED30A4E16D8E54208FA9B19F72EEEC55B9F12D30DC8B63E5A798A16B1CCC8CEA3E986191822C4D37AEDB556E534D2EB24E4A02259555D56A2C
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):269888
                                                                                Entropy (8bit):6.418120581797452
                                                                                Encrypted:false
                                                                                SSDEEP:6144:Fp9B0qT85g5Sq+VBY2qVLC2wH5rM8HoQvlHO:5uqT85sSq+ERVm2wZEQvlHO
                                                                                MD5:F8211DB97BF852C3292C3E9C710C19D9
                                                                                SHA1:46DAD07779E030D8D1214AFE11C4526D9F084051
                                                                                SHA-256:ECF4307739CA93F1569CE49377A28B31FE1EB0F44B6950DBAAFA1925B24C9752
                                                                                SHA-512:B3E20EECA87136CAE77F06E4149E65EBFEF71A43589F7E2833008FE43811A2BC8B6202B6ADB5CE122A1822E83CE226B833DEF93A2B161476BD5B623794E4F697
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):13888
                                                                                Entropy (8bit):6.274978807671468
                                                                                Encrypted:false
                                                                                SSDEEP:192:ahKnvndLwm3XLPVlD6yTUZnYe+PjPriT0fwdNJLkoRz:a4j7PVl1TAnYPLr7cLka
                                                                                MD5:0291BA5765EE11F36C0040B1F6E821FB
                                                                                SHA1:FFE1DCF575CCD0374DF005E9B01D89F6D7095833
                                                                                SHA-256:F8540BE2BBD5BDE7962D2FE4E7EC9EF9BF53D95B48781AE549AA792F10032485
                                                                                SHA-512:72ADDC631D8CF064E1B047B51EEF7F306CA959D24ED705065C33EE8DDDF7EA84B95B3DE5B0709015A81D36ACA01E15CE99A354D4069D4D798ED128A6A76D1010
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):163904
                                                                                Entropy (8bit):6.783788147675078
                                                                                Encrypted:false
                                                                                SSDEEP:3072:XrQPwE5tlGsXVomHvD+1febSICzqozXtrQwnNZkB+5:XU15tpX9HvsfrTtMwNWBY
                                                                                MD5:6E08D65F5CBB85E51010F36A84FC181D
                                                                                SHA1:4EEE8BE68BAAF6320AEA29131A1C0B322F09F087
                                                                                SHA-256:2D8658909D9E357A4B70FCF862D690EEC82A2F77161ABB021E0839C6A67D4825
                                                                                SHA-512:DF4494D062E9A8AC82D727D2722DCF32C3FC924FA104F384FA099ADB08ECBDEEA7A19245D779097C0AFCF51F84852328ED595C88380F42BD39560678C8AD9621
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):22592
                                                                                Entropy (8bit):6.620820751411794
                                                                                Encrypted:false
                                                                                SSDEEP:384:YL4Z7lZRiY3PB6cGgOp2m1zq2oatSnPV5zYxkpLfsnYPLr7Ybc:E4PZRiY3PB6cVAebaMnd+ypLkC7Cc
                                                                                MD5:700F5789D2E7B14B2F5DE9FDB755762E
                                                                                SHA1:F35EDE3441D6E5461F507B65B78664A6C425E9AC
                                                                                SHA-256:D115EAF96BD41C7A46400DCFF7EF26AC99E3CF7A55A354855C86BAE5C69A895A
                                                                                SHA-512:664A442DD424CA04AC0CE072B9BBD5EF7C657B59A26403C44A856738F7998466BFE3010825A13451281841D39B0A34D8997EE24497D626EC60C19AA1AF0EE465
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):115264
                                                                                Entropy (8bit):6.588792190592223
                                                                                Encrypted:false
                                                                                SSDEEP:3072:2Cgsy+/cydqNiaZr+lOzZPh7/W4MCnc8Ioaa2yFWcC6vsx/8:FZOzZPh7/WSe+S6v+U
                                                                                MD5:8BC8FE64128F6D79863BC059D9CC0E2E
                                                                                SHA1:C1F2018F656D5500ACF8FA5C970E51A55004DA2E
                                                                                SHA-256:B77CD78FF90361E7F654983856EE9697FDC68A0F9081C06207B691B0C9AF1F5D
                                                                                SHA-512:6771F23ECF1A449EB6B0B394E0F1D3EB17C973FC0544BA25487C92F215ACC234FC31C9B7BE5528EFD06D29A35BB37DD7934318837576862ADFC2631B4D610A24
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):33934912
                                                                                Entropy (8bit):6.35314231534845
                                                                                Encrypted:false
                                                                                SSDEEP:393216:VJ8d7SMzwH5R2sdDcBwHHdI4DKRlDsqXCagQZhzvilh2Wlq7ODI:VJ8d7zzUesdDtevn
                                                                                MD5:4D857A5FC9CA16D2A67872FACCF85D9F
                                                                                SHA1:EAEB632E526EFA946E4DB1B8CFA31DE6A7B03219
                                                                                SHA-256:7FFA7423DDA07499394B345E5ECE2D54C8E19247E6E76C0E23B5BF1470AB0D7F
                                                                                SHA-512:8DBC8675CE2DACE8D629C3FA66CF65704346AB829AE0B0A1D7B25BE22783B7E73624BA70F6D67264D6CA1656D7590E3753A8DF2227DA45112C5BD4A5654089AF
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):15936
                                                                                Entropy (8bit):6.475020301731584
                                                                                Encrypted:false
                                                                                SSDEEP:384:GpsE5cnm6ObmSHhV8j0eeq4SziahnYPLr79OOu:Gpszn6iS/8jxeqfhC78Ou
                                                                                MD5:4F11D43AA2215CE771DA528878F01C8E
                                                                                SHA1:8062681D73489FF200CA0BA426FF1FF3F44494A7
                                                                                SHA-256:0D554CD4B373D6D9B9C179A468D179388706C0BDE4D878ED75EF575651588B3C
                                                                                SHA-512:34CB271C32FB479CFAEEC536A5D35A41730E90001D67DC9DB595DB240A1F58C3BF12334BB5CDE7673C8E56A4C272BFBD66E4EACDEE0082F6FD583E4E039EC540
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):158784
                                                                                Entropy (8bit):6.816453355323999
                                                                                Encrypted:false
                                                                                SSDEEP:3072:gLkNbBRaz4rQWiG6wMz9/S3en9pHUw06TBfkqI44:rNbB4Mcnv7z6en9pj06TB6
                                                                                MD5:73A76EC257BD5574D9DB43DF2A3BB27F
                                                                                SHA1:2C9248EAE2F9F5F610F6A1DFD799B0598DA00368
                                                                                SHA-256:8F19B1BA9295F87E701C46CB888222BB7E79C6EE74B09237D3313E174AE0154F
                                                                                SHA-512:59ECD5FCF35745BDADCDB94456CB51BB7EA305647C164FE73D42E87F226528D1A53CE732F5EC64CE5B4581FA8A17CFBFDC8173E103AE862D6E92EB3AD3638518
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):207424
                                                                                Entropy (8bit):6.630800216665857
                                                                                Encrypted:false
                                                                                SSDEEP:6144:ckZ5ktGCru8e6Y3RhNw0mjs+OBS7n7ACKRAHbW:ciIbS6Y37Nw0/QC
                                                                                MD5:475DD87198F9C48EFB08AAB4ADE8AF5A
                                                                                SHA1:9B657E0837639663D4D721F8C5E25401F11E7BEB
                                                                                SHA-256:32764005FCCE7D0E51801528F6B68C860979E08D027A5220DFEC19B2A8013354
                                                                                SHA-512:0B492B0FBADC14178A6F79A58E47C30D92B59B18414E38A7B119699D0788ACF3713F925CF0EC570BE3E29AB26BDB6B567C38526BC0603BA78ECC3E2952EA3E2B
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):82496
                                                                                Entropy (8bit):6.597347722250847
                                                                                Encrypted:false
                                                                                SSDEEP:1536:ez2dfBusTTkMffX+xR5kdt94u+508AqDfJOqsbCkq24maADX:kE5u+kkX+P+dt9O08JJOZXX4nADX
                                                                                MD5:5F85F7F2DFAC397D642834B61809240F
                                                                                SHA1:ECA28E8464208FA11EF7DF677B741CDD561483D9
                                                                                SHA-256:B71E00ADB77D87882D58993A5888955BDD62C57D364F60AAA0FA19D32A69C9DA
                                                                                SHA-512:2BFE9FCE450E57EA93DEEAA85A746CB17BA946EEFF866F10D67C74F7EA038B16910E0D8EF29E9F358AF7DAABD45E3983C370FEF82A9647546819DCDE3AEE45BC
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):19008
                                                                                Entropy (8bit):6.372096409611824
                                                                                Encrypted:false
                                                                                SSDEEP:384:PTjlu57T5J5eFeYW7TPVlN3B+ASZQ4NNR7F3qnYPLr7om0:PnUd5eFeDfd5Sj7oC7om0
                                                                                MD5:4023E25F92B5F13E792901BF112A8EA2
                                                                                SHA1:31ADCD411905832B89EA55DEC8B9C83AF3C7D3EA
                                                                                SHA-256:432AEDAC59FA161FED5A5D95CA5F8CFD1D73A35ABE8A7090D137100F727B687B
                                                                                SHA-512:AD0E6F8071EB09E843989E637BACA988DD7706D84FC26DB7C2E18BBE03A78A6C5BFE4F1B28289B5929B2B86C53FB6C3DAE42523DC8EDE8057A8F431AEA77BB20
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):186944
                                                                                Entropy (8bit):6.612459610032652
                                                                                Encrypted:false
                                                                                SSDEEP:3072:XsSFQQB7SGWV2xrkvql6QPJD7mGVqjLypDTaDE5zwmFxy7HglbZrdIG:XJ97PxYAPJ/RV0tDCzw+xy0ldOG
                                                                                MD5:E9373908186D0DA1F9EAD4D1FDAD474B
                                                                                SHA1:C835A6B2E833A0743B1E8F6F947CFE5625FE791F
                                                                                SHA-256:E2FBD6C6334D4765FF8DFF5C5FE3DF8B50015D0BF9124142748FADB987B492FF
                                                                                SHA-512:BFDC236D462DAC45FD63C112E40558ED4E11E76FB4D713926A679FD573F67FA16451231A03178926B76BD267F092A33A3B6760CF4812DE2679BB9505B83F8261
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):145984
                                                                                Entropy (8bit):6.69725055196282
                                                                                Encrypted:false
                                                                                SSDEEP:3072:S2yRKm4/j/dKLnjHy7OMD+MqS1RYio7+oD33GnUV0fem2M:S2ytqlYnjHehDzqiq+oD33OUV8Vx
                                                                                MD5:4294D39CC9E5F23754D41B9DDE710112
                                                                                SHA1:1BAA1E136F18108AB4E31EC005DEC54FC3F23A7C
                                                                                SHA-256:DE3EEDED01B35DC7C29B0B758211BB1DB73CCFFB9298D281DAF56924ED9E93CB
                                                                                SHA-512:E88DFF129DD35445B32A2DBCAB97CF752E9ACDF82FF88B184FA6D3B461D55BD2D195794802C5BA5E7EFFA086DC89E0C2CEF0C8B0BFA29AC70B75CFB1B4B0584C
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):16448
                                                                                Entropy (8bit):6.482296988184946
                                                                                Encrypted:false
                                                                                SSDEEP:384:n11I27Bf0jeZy+hiqEyRoPV527rBnYPLr7/U:nrJfYqodYJC78
                                                                                MD5:4BDF31D370F8A893A22820A3B291CC1D
                                                                                SHA1:BD27656B42F881EEE1940CFE15CF84C1938B57BA
                                                                                SHA-256:C98DFAC99CC1E05D5F86B2577031A7624DCC13D0A8344B2855F166335177BC16
                                                                                SHA-512:51623274C13DA71AD01DBAD7950444B512F08C3DC04E27F0321DF02E9F3C4DFB308DEF35F58524CCCCE79ED2A8859D85C16DC0D9BEA378E5538E23602D35AA76
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):30784
                                                                                Entropy (8bit):6.609051738644882
                                                                                Encrypted:false
                                                                                SSDEEP:384:mk87qhVj8sqgP7CRLMOPfkGo7UdJs0flkg2uG8RPGHTR5ny5pnYPLr7z:mk87qhVjaMOPJdJFflLJR+V03C7z
                                                                                MD5:7BD914407C6D236B27865A8C63147B7F
                                                                                SHA1:9B49E48705341D30E3F92B85652E924C7985E415
                                                                                SHA-256:549849DC910261D817670B192715430395993E811D0FD3103651237D7F18929D
                                                                                SHA-512:624DC95F696BEA311726EAFB0017F363C8703B95A2E08DE984C642867888CF5B9172326C2E2567ED4A2EA28F806B633840552C80BE49EB6CF2A8FC4A0C259117
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):27712
                                                                                Entropy (8bit):6.6264206752006825
                                                                                Encrypted:false
                                                                                SSDEEP:768:hgWe1DWI+mB7JkJKe3xVF2XNbuHEqe8yIGn3zY9pcQ/oGmEsg0sqkgiHmNs2Qd6X:qWbEK1Ms2dYJG
                                                                                MD5:6280201C1918EA3293919BB282D2B563
                                                                                SHA1:3F6F5299A435E2A0C36BE8AAD4CB2FCAACD0897D
                                                                                SHA-256:0711127A297E4CC1927D77013FC040CAA26930C34A4C7B4D7631BCE9C8041B74
                                                                                SHA-512:A4C4507ED4FDEC038FAFA62970161E7B75FF9A2ABBDF854ED55483144DCDC0FC9D21235FDDDF1B38303723F9C615AE388397C4D17B5391D8827A5B40AC52C5FC
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):178240
                                                                                Entropy (8bit):6.793245389378621
                                                                                Encrypted:false
                                                                                SSDEEP:3072:gWosiKTxga2KtpdhEnGF5PNyR0BxDxxKF5HkEWnuYsauj9Fom1QB:3RRKAtpdhEn/0BzwFpvYm0z
                                                                                MD5:BF299F73480AF97A750492E043D1FADD
                                                                                SHA1:C93C4A2DAE812F31603E42D70711D3B6822F9E8E
                                                                                SHA-256:0334E3B7AE677116B92516172D0CA905723DAF847D8B3B0DC3FC118EDC703D51
                                                                                SHA-512:7265783F0DD653DBC4693D5EFEB156281620C5421F29910F14C22B75A936233E9E897087E64B641335795484837F28F113EE9F380027698A898F19115FD0F648
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):15936
                                                                                Entropy (8bit):6.474237923131844
                                                                                Encrypted:false
                                                                                SSDEEP:384:Gps45cnQ6DmSHhV8r0eeU4Szi6nYPLr70aG:Gpsnn4S/8rxeUvC7RG
                                                                                MD5:9A4CF09834F086568DF469E3F670BF07
                                                                                SHA1:594C4E0394475A6299C79E3A063C7D5AE49635F3
                                                                                SHA-256:709E9E544434C52285A72F29AD6B99CE1E7668545F10AD385C87ABF34D2052BB
                                                                                SHA-512:CD551E7944461F3288B880B9D161F19F97EB4599A3A46CC93C4172B5112960FB0C040B9996F13CF0761FB85A283E2F20944135EC59660C807A59B29CDDC44586
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):15936
                                                                                Entropy (8bit):6.477340414037824
                                                                                Encrypted:false
                                                                                SSDEEP:384:Gps45cnk6LlmSHhV8i+ceek4SzS+nYPLr7wd:Gpsnn5AS/8jZek7C7wd
                                                                                MD5:4DE6BFE6EA98BC42A5358ED8307107B2
                                                                                SHA1:8F687E60784FD9046A361DC1DC85D43051CBD577
                                                                                SHA-256:7C07D167AA4A23AB64A205301663C87E578FF6B31985DF8B51AF80CA6999176F
                                                                                SHA-512:8091AADEACAD1DAC5191EBB996D1E4BE25A19C10A4E76F79AB7EA2A592711FD39AAD7E89D7DEE09385296AA7A649AABFA7C325C4A627AFE1C009C906709EDB5A
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):15936
                                                                                Entropy (8bit):6.477747126356611
                                                                                Encrypted:false
                                                                                SSDEEP:384:GpsJ5cn66FmSHhV8Teeek4SzSgnYPLr7mpB:GpsUngS/8TDekdC7yB
                                                                                MD5:CA17B8CBD623477C5D1D334B79890225
                                                                                SHA1:2BFC372A28EDE40093286CDA45003951A2CE424F
                                                                                SHA-256:A7AC47AC8518E2D53575E12521B3A766A5E2EE4133C6C6AB9AE1C3C6777F5E77
                                                                                SHA-512:D9DDF3E67B9A4E0197D271243623D4DF8A26A35EC2F5195AB316E910E133BA09C70F6D28E7CA69184E4ABABCF063C014D7A6E6EA48F82382B316864A945175C5
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):15936
                                                                                Entropy (8bit):6.476844183458217
                                                                                Encrypted:false
                                                                                SSDEEP:384:Gpsw5cnL6U0mSHhV89+ee84SzSFnYPLr7KTdK:Gps/nHpS/89je80C7KQ
                                                                                MD5:B4AD335E868693F009B7644E2ED555C1
                                                                                SHA1:ECCB9711CF78BCD5BD78231A838B1852764B301C
                                                                                SHA-256:CCA46A54A1A9CE78F7FFC49D195C4AB970AD540B5FCB2B6D9BF57EEDF38EC28D
                                                                                SHA-512:04A4670345B47C5B256220A85FFC68A1DD6DFE8D44838A4C634EB0EBC469EFC307B0BCF838AA1244634A315F365518B1633586B872C6D459EE80374D14234CA4
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):185920
                                                                                Entropy (8bit):6.517453559791758
                                                                                Encrypted:false
                                                                                SSDEEP:3072:pmxoFzYbnERrNyf0VCyqp2pswAG8wJfV1cnrQKUCc9rBTq/bKQcUMZ:koFJcQCyuZG8wdKcLgbDcU6
                                                                                MD5:D4246AF96E1FFA5E63C55E6F0A63ED82
                                                                                SHA1:30F319CEBD7BCCCFC3637231D07F45BD5A79B03E
                                                                                SHA-256:84576AAC88D08E864645415D8A81F4B8F04C881B7624973C952BA6BCB94F4C8C
                                                                                SHA-512:92EDFE62BE5BDDC47EC51B01F8FE71C69691423ABECBB358A972766ACCDC8F9365C064FD0A7833C8853EDD5DED51791A7662584DB5F54BE3586AC2787160FA6A
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):33344
                                                                                Entropy (8bit):6.5580840927675945
                                                                                Encrypted:false
                                                                                SSDEEP:768:5TuVpsEkV3/azbYJHf2ZdCwhxKdv0tCFC7dRb:5YQV3/az8x2HCSScC4dRb
                                                                                MD5:EFF31A13A4A5D3E9A5BD36E7349D028B
                                                                                SHA1:8E47BE8C1CE4DFD73B7041679E96EA4A17DDB4C0
                                                                                SHA-256:307B816892FDD9BAD9E28953E1BBB4BCE35C8F8CA783C369D7EB52A22BCC4229
                                                                                SHA-512:72148C757624868D3866C40B31149CCA171737D82ADBCDF2C8FB03A9D8F3C1CEA2B2FC5137DD11DAAD2328D3AF8FAE43568DCCD843664BC43323F9357B67B6A0
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):574528
                                                                                Entropy (8bit):6.508068830472597
                                                                                Encrypted:false
                                                                                SSDEEP:12288:NtKMEr1LBBgPcvhwhtRtL+tKJZetu4zxLukaMevlOjPMat4+8NMutQaLqqiINw3X:NtKMEr1VBgPcvhwhtRtL+tkZezxLuQeS
                                                                                MD5:5E1B7D0ACCB4275DEAB6312AA246CB3E
                                                                                SHA1:488A5CB9D9C0CF27824DF32B9B76D4F67F6FB485
                                                                                SHA-256:9FC49B3F6FD11A2B2B92748C24F21721D1011B1920D092E38AF4021102125543
                                                                                SHA-512:5A875DD4731E862F753EBB987593DC61D39DD3D3D13CDED284DE27DD09AFA946FA96824AC194EC0DD45AA2CE0D56637A5522F49F28F3C89B7F5248D389B1B62E
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):455328
                                                                                Entropy (8bit):6.698367093574994
                                                                                Encrypted:false
                                                                                SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                                                                                MD5:FD5CABBE52272BD76007B68186EBAF00
                                                                                SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                                                                                SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                                                                                SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):773968
                                                                                Entropy (8bit):6.901569696995594
                                                                                Encrypted:false
                                                                                SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):970912
                                                                                Entropy (8bit):6.9649735952029515
                                                                                Encrypted:false
                                                                                SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                                                                                MD5:034CCADC1C073E4216E9466B720F9849
                                                                                SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                                                                                SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                                                                                SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):79936
                                                                                Entropy (8bit):6.675027571633986
                                                                                Encrypted:false
                                                                                SSDEEP:1536:ygRdVzzmTj2iu+wk5eQjBE55W+hYRwZZ3GFjJJ5n5WF:yIfmHsM5j6VqJJ55WF
                                                                                MD5:691B937A898271EE2CFFAB20518B310B
                                                                                SHA1:ABEDFCD32C3022326BC593AB392DEA433FCF667C
                                                                                SHA-256:2F5F1199D277850A009458EDB5202688C26DD993F68FE86CA1B946DC74A36D61
                                                                                SHA-512:1C09F4E35A75B336170F64B5C7254A51461DC1997B5862B62208063C6CF84A7CB2D66A67E947CBBF27E1CF34CCD68BA4E91C71C236104070EF3BEB85570213EC
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):51264
                                                                                Entropy (8bit):6.565433654691718
                                                                                Encrypted:false
                                                                                SSDEEP:768:a+BEJER/xSW/EoB8VBQZbKYawLysHFhIAqQbQMD8YpwQ+Qi4v8qUYVC7R:a+BEJERvQGbKnwusjIAq08YDi4UqUYoR
                                                                                MD5:95EDB3CB2E2333C146A4DD489CE67CBD
                                                                                SHA1:79013586A6E65E2E1F80E5CAF9E2AA15B7363F9A
                                                                                SHA-256:96CF590BDDFD90086476E012D9F48A9A696EFC054852EF626B43D6D62E72AF31
                                                                                SHA-512:AB671F1BCE915D748EE49518CC2A666A2715B329CAB4AB8F6B9A975C99C146BB095F7A4284CD2AAF4A5B4FCF4F939F54853AF3B3ACC4205F89ED2BA8A33BB553
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):17472
                                                                                Entropy (8bit):6.403594687791098
                                                                                Encrypted:false
                                                                                SSDEEP:192:A3PK394shTLHzW8KMw3X+PVR6y/FNdoEUtnYe+PjPriT0fwoBpp6Z:BThTrzPPQOPV5NNdoEwnYPLr7xc
                                                                                MD5:94CAADA66F6316A9415A025C68388A18
                                                                                SHA1:57544E446B2B0CFBA0732F1F46522354F94B7908
                                                                                SHA-256:D1C4FB91296D643AEE6AB9CD66CC70ACBE2667AD572D969A06FFEAA2A8859FAF
                                                                                SHA-512:AC29E7C722A266DCB633953EF2A7E33DF02059AC7876FF94828464B5B74B5BC321C5D2D2851F3CBBFE1328D18F3CD9A49E5EFFE7E4E8AC2BEB3A0E4AAA53AD87
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):16448
                                                                                Entropy (8bit):6.380289288441742
                                                                                Encrypted:false
                                                                                SSDEEP:384:GpsCgvnvId6YmSHhV85AeencGtnYPLr7Vz:GpsDngGS/851ebC7Vz
                                                                                MD5:7DA6AA3CC4763C6F9C20B43E6C9A9547
                                                                                SHA1:3F28CF8E6AAD199DCC621F2A2C8AD50126813B05
                                                                                SHA-256:F7375AD07F0BE6FD75E822A9ECFF5ACA073DB03B95894C05C7657BEC7AF59AF4
                                                                                SHA-512:7948EAA11B4026F9975B6CC4225A4C0B617341299364196F3825EEF4484A6EEB529319BF4F6D19436689083C36BF1F6B9880574764612FC900C8CC1D73EED1BB
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):15936
                                                                                Entropy (8bit):6.4779230305378315
                                                                                Encrypted:false
                                                                                SSDEEP:384:Gpsk5Bn46zmSHhV8yYAeeU4Sz5uwnYPLr73ki:GpsungS/8yY1eUuwC79
                                                                                MD5:E9AA62B1696145A08D223E7190785E25
                                                                                SHA1:A9A0CB22A28A3843CF6CCBC9578B1438F0A7B500
                                                                                SHA-256:EA9DF3432EF31B6864112AF1CEC94E6BE33B92A9030369B9F99225113BCA6EF8
                                                                                SHA-512:516FA102922980DF592DD08A840DA9073B6568F5E52847968C59995F2BD067AC6D2668D0272AE017D0C71AF627766A8676AE1EB1BC520B76F1F9C5CEEB4BA840
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):773968
                                                                                Entropy (8bit):6.901569696995594
                                                                                Encrypted:false
                                                                                SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):172096
                                                                                Entropy (8bit):6.3747906238754855
                                                                                Encrypted:false
                                                                                SSDEEP:3072:1WkHL+UE3r2l5p2WqjgFWcWpPa6QoCzOb/UcODMM4cBqg8UyJNd5uGZzfYtRD+Em:YdNq5YkFuPYzOb/UcODMM4cBqg8UyJNR
                                                                                MD5:FB658E2F5E185FE5762B169A388BA0BD
                                                                                SHA1:386235AB2F7AD35E82CD9AC97E9B56E1E308BC90
                                                                                SHA-256:A91E68C76A90A02D9EDF75E5141C248B3AA5DD612E37883D27065D78A782AF20
                                                                                SHA-512:B0EAB6F2572552298CD221AF9E71CA7C02375D92E14F7EBD783F5DC9247964F72E658DBFC4273BD3C36DF57199171263F1A4969F133823965448C552BB514EEC
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):15936
                                                                                Entropy (8bit):6.477211573452372
                                                                                Encrypted:false
                                                                                SSDEEP:384:Gps25Bnb61mSHhV8nOeet4SzvBQnYPLr7D8/:Gpson1S/8nTetJSC7+
                                                                                MD5:ED3F3D8E4C382BF8095B9DE217511E29
                                                                                SHA1:CAE91B9228C99DCC88BAC3293822AC158430778C
                                                                                SHA-256:800F41B877AA792A8469C4DBB99838E7A833B586EC41BD81DA81EAA571F7FAC1
                                                                                SHA-512:023855267C6CC6BD5230E7A922310328E8DC0521C041C038C579035C9B1E70EAC168695B56357793505375E0B134FAD040BB284C6B02B3190EE7F6FCAEC33FE9
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):52800
                                                                                Entropy (8bit):6.433054716020523
                                                                                Encrypted:false
                                                                                SSDEEP:1536:Rk2X5KQaT9nNrmTTY99ccAlGGzGRulFJWpiDO:RkgUhpmA99ccOGGzGRuPJWpgO
                                                                                MD5:6D05EAD2F6B95C4AFFCFB1B27DC0C188
                                                                                SHA1:0D04A67505D006493F252985AC294B534D271EF2
                                                                                SHA-256:6330591A151E565B5EAB2D174DF8E2F6523A8F403E4E8D8C8DC58D0945881F19
                                                                                SHA-512:DBE98FA16162636039853E9A82CADBE4E6D5A4E6E282A3FBBC122229C314C91E7C445FEB83921EBFE024DC09BC6AA76682F903036A2D2BEA363F1D09DD571B10
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):116288
                                                                                Entropy (8bit):5.7845827860105885
                                                                                Encrypted:false
                                                                                SSDEEP:3072:UbqmeUF67oaebwU3ta+uHMg9glgFvcfgfgzgG4g9XTXDXp+RuXGXlXdY9vXTXvXQ:8qmeUF67ZeUUVjcIA
                                                                                MD5:5AADADF700C7771F208DDA7CE60DE120
                                                                                SHA1:E9CF7E7D1790DC63A58106C416944FD6717363A5
                                                                                SHA-256:89DAC9792C884B70055566564AA12A8626C3AA127A89303730E66ABA3C045F79
                                                                                SHA-512:624431A908C2A835F980391A869623EE1FA1F5A1A41F3EE08040E6395B8C11734F76FE401C4B9415F2055E46F60A7F9F2AC0A674604E5743AB8301DBADF279F2
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):86592
                                                                                Entropy (8bit):6.686302444148156
                                                                                Encrypted:false
                                                                                SSDEEP:1536:/QsPinZd9lmzFRQnJ9sSpkWgVenAe7C3xWxNO3A4:lPE9lEmtpkj7eqWxNCA4
                                                                                MD5:5E6DDF7CF25FD493B8A1A769EF4C78F7
                                                                                SHA1:42748051176B776467A31885BB2889C33B780F2D
                                                                                SHA-256:B9BEACA57BFF23C953917C0B2037351EF3334E6A9DE447DCA6542FE5C815BF9F
                                                                                SHA-512:C47F742F064B99E5B9C2BDEAC97472D9D8C9466C9071E9799AF79F820199D9B30B198C33EF635F07A972B77475AFEA9E7417AA6335D22A7380E7B0E552869C18
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):14912
                                                                                Entropy (8bit):6.381906222478272
                                                                                Encrypted:false
                                                                                SSDEEP:192:kNncquU+hyD13XLPVlD6o+N9F5os7USnYe+PjPriT0fwXF27:kNcWp7PVl67/nYPLr7s27
                                                                                MD5:3C9DC0ED8ADD14A0E5B845C1ACC2FF2E
                                                                                SHA1:25C395ADE02199BEDCEE95C65E088B758CD84435
                                                                                SHA-256:367C552FBA3DA5F22791CF8F22B983871639ECD2EF7F5B1880021FE4C4F65EE4
                                                                                SHA-512:4DD5F68180D03B6621E46732F04B47F996B96F91F67845538D1B303E598CCFDB5E4F785A76DE7DFCB8918125FDB06B9068C4EAB06984B5AA9224DCE90190BA1A
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):15936
                                                                                Entropy (8bit):6.466364086630595
                                                                                Encrypted:false
                                                                                SSDEEP:384:Gpss5cnn6vmSHhV8TI1ee84SzK8nYPLr7HuY:Gps7nnS/8Tte8tC7HuY
                                                                                MD5:12B6E1C3205A8B17AC20E00A889DFC43
                                                                                SHA1:42458CFA7135858ACEF10803B87A208FA7E66413
                                                                                SHA-256:EAEA20A794EC6BB15808EF278376A87CF91F9BE15FE6A7DE92014AC4BF75555D
                                                                                SHA-512:174703820636DED2BA081420A8D1E37D67FDA6C13AC406C2F08E16DCF0C7B7D9642E37BC888802B50ED3438D6029C4FECCD7C151B82CF9A91F13F36C4A0B2019
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):15936
                                                                                Entropy (8bit):6.475930674615241
                                                                                Encrypted:false
                                                                                SSDEEP:384:GpsFG5BnK6xmSHhV8TCeeX4SzREnYPLr7Ggp:Gpsen0S/8TveXUC7jp
                                                                                MD5:31C0CED43A07A2DFF3AFC557EBABBE0F
                                                                                SHA1:9100A7393B919EB35C79CE16A559D783219E2F20
                                                                                SHA-256:B93D0D62436D89C84C66ABBDCF817084A6BA01F7E10053C8F343DF5D53D37536
                                                                                SHA-512:716818BBF6E4F21C2A627259F1D35E8375EFEF9C3B197B3AF6E10A4A1735CC643141C32270DF7F6FE25733517BE38CAA09205B98119996237E8EAE6A7D0825A7
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):15936
                                                                                Entropy (8bit):6.475447140204412
                                                                                Encrypted:false
                                                                                SSDEEP:384:Gps85BnF26emSHhV8QM1eet4SzvBonYPLr7I:GpsGnFjS/8QBetJWC7I
                                                                                MD5:43C1D1D0E248604CB3B643C0BDF4EC9A
                                                                                SHA1:7BEE9DEB1E43F0FECF0FC57BDFD3F79CF048151F
                                                                                SHA-256:165BFF317674BE33F2920320F3EF0957539E5BF149B673C2073DF48FF93A6D94
                                                                                SHA-512:CAA9B14DF20FFF92CFC4F9A8557804FBD4CC02831824CD53AEAC7D0EE7918BBD50E22A69AB5FFC9E92A468A5201DF263707D373D60378817DC5FEFDE1ABC48BF
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):177216
                                                                                Entropy (8bit):6.909590121652277
                                                                                Encrypted:false
                                                                                SSDEEP:3072:L9Wyo+Jyru3w8WqWnJjOUrI7vh+Dug9PVWU+kmaVE9TBfQiJ8:BWyPsi34i+DugFj+kmaVE9TB4/
                                                                                MD5:8DC2356E3FF3A595AEDE81594A2D259A
                                                                                SHA1:A05E05E9EA8FB0C8928112CA931EB4F5E977B92A
                                                                                SHA-256:B9DE5D3ABBC0AC956E7F590E4C8507FF570B6C353374BB80F413B5846CE322FE
                                                                                SHA-512:D5C83EBDB7192DD361856B236A07AFD4FF95E68E0036396D68A3407ED680D4A36EC857AB101DBA5F583AA67CC45A2835178DAC84A68472C7F619EFA674FE51F0
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):473152
                                                                                Entropy (8bit):5.475991416072106
                                                                                Encrypted:false
                                                                                SSDEEP:6144:ngmgmb+p19k+j4QJKFDSha+IJ6NyLu/wtAWvrMZp5WMuBzj:n17bsj4QJlha+XNyLu/iAWvhBzj
                                                                                MD5:79CFE207E05F771E29847573593F6DE1
                                                                                SHA1:34DFA813802C6F5A57A557BF72B2B306F8042E90
                                                                                SHA-256:AEB27727F428116069944BB92B477D7487C9DEB3921E1005814536459E35222F
                                                                                SHA-512:2C71A827BB156BD012BE20B30D701D5123D8B6C7889D4F4A47A483D3477C25BF224E7F205CA9FCCB08DA0A2EF28AF6433D018A0E555BCE911C31A5F462F41578
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):52800
                                                                                Entropy (8bit):6.367562931371078
                                                                                Encrypted:false
                                                                                SSDEEP:768:0UD9dxWf4b4UoY6sUsaJ2sQ7O+phclByW3T9KMDbgz2dN6lDb/9/YMw0c3D6QsTY:0IofovBbS9KMvHR0cz6QsTPOXm2BT9j7
                                                                                MD5:F434A8AC7F1C8C0E2587B9A9F30E397B
                                                                                SHA1:BD62E10E44117A60EB4180412112593D9460299D
                                                                                SHA-256:6A994B389B8F7109238DE6F230B1B540186ED2EC8D081C7601C6996863AA4DC8
                                                                                SHA-512:9896DAC36BD4F7289C7701B75AD8EB9F7ACD233384075A3FBA6E6F2F38E420F37C1A29317EEEA3C4DDBA1791F6F17187DD5BDFDD9F98F095E7D4DF20C0D5EA3E
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):123968
                                                                                Entropy (8bit):6.699694377005066
                                                                                Encrypted:false
                                                                                SSDEEP:1536:jWi/SLhxEJKv0O4+zwtKg3HquHB2u0YUdRXGCDilgKptxG0ULtt1vtxgl0IlgqA2:+vdtg6ZYUniPe5vtxgl0IlgqA2
                                                                                MD5:0BAB62A0CF67481EA2A7F3CAFD7C5144
                                                                                SHA1:D6B010C815F4D9C675DF918B615FE0AAE45249EA
                                                                                SHA-256:FC57682FDBCA50FAEBFC6B4F5D199FC407A541C110C15F0C850503006D32301A
                                                                                SHA-512:0128813DE247246BF4AECE1B222B6611E5AE1EDE01A1B339CFE0F98184739D7A066DAE4F1A271F544BB39F9B79F053F4B96F2E471B9444C29855CF52FB7835CB
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):25664
                                                                                Entropy (8bit):6.488681310308951
                                                                                Encrypted:false
                                                                                SSDEEP:384:GxZ2v7Oc56lspQEgde9M3z27lFOJIjkzIPV5yKlWFKbKwnYPLr7Wo5L:Xr5PQEOe9MD4lFhjk8ddeKWwC7dL
                                                                                MD5:039AD8A7A4B14C321F156878838A2340
                                                                                SHA1:6AD9D2FBA988193D16E7B3278C0D0757AB99B3EF
                                                                                SHA-256:ED3AD7EBA989FB31C2ABC3220694D1446D33659782CB1B333318EC54A577389D
                                                                                SHA-512:7D5B8C191A7D0C4FEDB831DE197A3CB5DC0564AD3F2E57EEE8C506B2308B656D2F0FE086D508FAB8F03CA0E1B0574E708728373DFA3116C9B9FC5DFDB72FEE46
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):195136
                                                                                Entropy (8bit):6.80727029211823
                                                                                Encrypted:false
                                                                                SSDEEP:3072:fmtIwyq6lFq857zCYLFYEVothL10xYOXjV5qECVTHLy71vJ2qIcWYEfQQxIYh5t+:mIwyqM7qYLVVIqhfqfTm1W+Tws
                                                                                MD5:E1904A4B2D6F657B9FEF053893FE3C41
                                                                                SHA1:59AC965A1029AE936DDD5AE623A9A025D49737EC
                                                                                SHA-256:5929E3510F67FEAE073B8995BFC542FD7A0626F57D2FBC829EFC95206DF8F85F
                                                                                SHA-512:C0A60928299EA2E6DC8AD1E3DE9CEF77C8E520585F8D73BD7F56E33705D1A2AEC04AE9C01A8069AE5A0D71F28AEF42F4A260CF4D5BB44A95DCEB70E5C8DB8FEA
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):16448
                                                                                Entropy (8bit):6.392776971200692
                                                                                Encrypted:false
                                                                                SSDEEP:384:GpssZwnvNmc6DDmSHhV8Ogee1cGPnYPLr7fl:GpssqnFm16S/8OVeLC7fl
                                                                                MD5:7624A9B769CDCF3A75FE5A9FEAADD61F
                                                                                SHA1:9269968968CD63D6E1ECC14F78B9A630FCC26FBE
                                                                                SHA-256:41F9A804C888A58DECDE2B63A544DBFF536B40D87CECED197E1A14050858C0DA
                                                                                SHA-512:1AF7BB30E1FC7600AD0A209DB4E077DAB9CEAA5C4332F8B1353ED0DB7EA71B4A9B7D126E756B634D3FB22618E39AFC5ED52263C88E9F7646EAABB0D9240E382B
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):65600
                                                                                Entropy (8bit):6.461111208462538
                                                                                Encrypted:false
                                                                                SSDEEP:1536:lVeogiQWo3IzLIoDY9p6K/sdDAZ5e1x3afX:veDib4oDu4K/sdDAZ5CxEX
                                                                                MD5:806580640A68234A711D3BB0642130A7
                                                                                SHA1:1EDF20DAAC15FE90E9891E95130D0DD70D005B62
                                                                                SHA-256:CCCC2A9F54E4F5961DD45DAA1F6C97ECFB156EA8E0DF82277A2C109EA4D2E036
                                                                                SHA-512:0AAC087449DEECBB1CFAEE5C3144500CDC4C1D209D1F1F7D8EB41DD7870504BF71D0CC9AE7761BFC609F42273B7FB3CA7801AA54FB0E92BC71C41CC5CAECD31C
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):159296
                                                                                Entropy (8bit):6.019927381236816
                                                                                Encrypted:false
                                                                                SSDEEP:3072:9vFy5zbJEQFFB9AYeb11tzTQrTBfYEaf9zQ6NlUlh5:7iFry3b11twTBgEaf9zQ6Nc
                                                                                MD5:C15F0FE651B05F4288CBC3672F6DC3CE
                                                                                SHA1:FFCE84FE532B41F31CDDC41C84024FAFE6BC30E6
                                                                                SHA-256:869DC4D40444F10325057B0CC3BB7EA48942DD712DF8A1AE331A554FF0397F1A
                                                                                SHA-512:E9E27C4C68972E3250B380C1A5D5EB02BEC03028D389234A44A7D56974BFA233D177173F929BDB6FF877AE17A529D85D384684B0037E260A0143F7A95A0204C6
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):39488
                                                                                Entropy (8bit):6.751057397220933
                                                                                Encrypted:false
                                                                                SSDEEP:768:Okt1MVMrA9/Klzwz9UyCgMUt9onPs3h3nVt83OndMY7dmMpAnC70N:Oo1oMQ/CrPa3VWO+gdmMW6q
                                                                                MD5:DE2167A880207BBF7464BCD1F8BC8657
                                                                                SHA1:0FF7A5EA29C0364A1162A090DFFC13D29BC3D3C7
                                                                                SHA-256:FD856EA783AD60215CE2F920FCB6BB4E416562D3C037C06D047F1EC103CD10B3
                                                                                SHA-512:BB83377C5CFF6117CEC6FBADF6D40989CE1EE3F37E4CEBA17562A59EA903D8962091146E2AA5CC44CFDDDF280DA7928001EEA98ABF0C0942D69819B2433F1322
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):21568
                                                                                Entropy (8bit):6.4868701533420925
                                                                                Encrypted:false
                                                                                SSDEEP:384:uVI9/tEAHVvfiqiW9LEiGTHb6hVXbS7fLsD5bGGNET7T7T7T7JyFoynPV5hgGLVt:uVI9/yA9f1iW9LEiGTHb6hVXbS7QbGG9
                                                                                MD5:7C2959F705B5493A9701FFD9119C5EFD
                                                                                SHA1:5A52D57D1B96449C2B40A82F48DE2419ACA944C3
                                                                                SHA-256:596F89E7E5D9AC2B1F97FA36A20A7405C1CC41A9FCBA96DB089ADA4550131B24
                                                                                SHA-512:B7B48BD14701F75B9018BEDEE5A4CFCEBDAC342F83339FB3F1EFB7855598474C9D1CC993B5D4ADD3326140435087D2BD7CBBC18BC76C64EAD6234A9A7D57C552
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):163904
                                                                                Entropy (8bit):6.508553433039132
                                                                                Encrypted:false
                                                                                SSDEEP:3072:onzJtwzsrYx6cY+90AiVrM5muIqltkt7maRoM/X1fJqO0NJT:onttwzsrYxTaVVY5muIq3mx/X1fcb
                                                                                MD5:A63387A1BFDF760575B04B7BFD57FF89
                                                                                SHA1:9384247599523D97F40B973A00EE536848B1D76F
                                                                                SHA-256:5DF5B7E6EFCC345DDC8448AFC707B666F5F696F554B00ACA64D8E23EDBC176BF
                                                                                SHA-512:CB3A6A394424345FFA076E0BE58F284A0E4DB6FBFCE02D93FB4871D350A7FA1E673175AE988C26453DB1C983C0D06A01DD413DE47031BB4BF308CAAF3513C36F
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):69696
                                                                                Entropy (8bit):6.89860109289213
                                                                                Encrypted:false
                                                                                SSDEEP:1536:ZCghp1EJqcGdjandlraksIOwIOpVnToIft4tpgO6:/142jUhimp9TBft4tqO6
                                                                                MD5:CB99B83BBC19CD0E1C2EC6031D0A80BC
                                                                                SHA1:927E1E24FD19F9CA8B5191EF3CC746B74AB68BCD
                                                                                SHA-256:68148243E3A03A3A1AAF4637F054993CB174C04F6BD77894FE84D74AF5833BEC
                                                                                SHA-512:29C4978FA56F15025355CE26A52BDF8197B8D8073A441425DF3DFC93C7D80D36755CC05B6485DD2E1F168DF2941315F883960B81368E742C4EA8E69DD82FA2BA
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):812078
                                                                                Entropy (8bit):7.990410724135471
                                                                                Encrypted:true
                                                                                SSDEEP:12288:RkKUxqdkCp8UydDyzg5T3pYyMJTh+S8nNh+iz9QUfXdGnu5+RTCmuD:RRUxwkCp5y9y05TpJkgSyNh1zXtD5WuD
                                                                                MD5:C7F4B29600C2353F7599DD4DA851DAE4
                                                                                SHA1:CFD3A61067E1982A56E1C5C77E53BBD523AD1DCC
                                                                                SHA-256:95371359A009DD7102E05AA36BC395C391772FC6066E95B46CBCEADFF1B6A58D
                                                                                SHA-512:E51BD0C5FFD5DB1746B2D928F4610B7BD186A392652B5CAC06200C226C69516933491E8DCB171E27BE53FB9B7C5A28B8CD8F0C7BD6D1AAAC3211BD5BA2FDAF06
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):13202
                                                                                Entropy (8bit):7.737712617961208
                                                                                Encrypted:false
                                                                                SSDEEP:192:LhR1Ygxt7I20RiT2dI03cIH8W6Bc4/kyOLZAy0ZH6AfkA8sFayhbD3D3KRe:1RNRI24AKBcW6BIyYreXf/iyhPD3KU
                                                                                MD5:3E5E8CCCFF7FF343CBFE22588E569256
                                                                                SHA1:66756DAA182672BFF27E453EED585325D8CC2A7A
                                                                                SHA-256:0F26584763EF1C5EC07D1F310F0B6504BC17732F04E37F4EB101338803BE0DC4
                                                                                SHA-512:8EA5F31E25C3C48EE21C51ABE9146EE2A270D603788EC47176C16ACAC15DAD608EEF4FA8CA0F34A1BBC6475C29E348BD62B0328E73D2E1071AAA745818867522
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                Category:dropped
                                                                                Size (bytes):231952
                                                                                Entropy (8bit):7.8987047381149225
                                                                                Encrypted:false
                                                                                SSDEEP:3072:2DiL6hR+wm60gqZjJhqo2M04r7bv1XMrMxw1rl1rwj+Bmd6dYBmkW1eIjEmFdbl6:bq0jSi2Qi1B1Cay6dYBUwmPxLe3
                                                                                MD5:5134A2350F58890FFB9DB0B40047195D
                                                                                SHA1:751F548C85FA49F330CECBB1875893F971B33C4E
                                                                                SHA-256:2D43EB5EA9E133D2EE2405CC14F5EE08951B8361302FDD93494A3A997B508D32
                                                                                SHA-512:C3CDAF66A99E6336ABC80FF23374F6B62AC95AB2AE874C9075805E91D849B18E3F620CC202B4978FC92B73D98DE96089C8714B1DD096B2AE1958CFA085715F7A
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):106006
                                                                                Entropy (8bit):7.823795646704166
                                                                                Encrypted:false
                                                                                SSDEEP:1536:CPj4aLCBcnn4xGrpR7H30x4VTNVNM43QHt0msLiWzO5SQJn4494m75CYl3U:ETCBmnoCptBNNVNzQ6e5SQW494mlZ2
                                                                                MD5:0C8768CDEB3E894798F80465E0219C05
                                                                                SHA1:C4DA07AC93E4E547748ECC26B633D3DB5B81CE47
                                                                                SHA-256:15F36830124FC7389E312CF228B952024A8CE8601BF5C4DF806BC395D47DB669
                                                                                SHA-512:35DB507A3918093B529547E991AB6C1643A96258FC95BA1EA7665FF762B0B8ABB1EF732B3854663A947EFFE505BE667BD2609FFCCCB6409A66DF605F971DA106
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):475905
                                                                                Entropy (8bit):7.8713354167151675
                                                                                Encrypted:false
                                                                                SSDEEP:12288:pyfuv+DnikW2IfqFXKzNGNyyRmfD4vCgdiRST:pLWDnid2IfZGAyAfczdig
                                                                                MD5:7E5E3D6D352025BD7F093C2D7F9B21AB
                                                                                SHA1:AD9BFC2C3D70C574D34A752C5D0EBCC43A046C57
                                                                                SHA-256:5B37E8FF2850A4CBB02F9F02391E9F07285B4E0667F7E4B2D4515B78E699735A
                                                                                SHA-512:C19C29F8AD8B6BEB3EED40AB7DC343468A4CA75D49F1D0D4EA0B4A5CEE33F745893FBA764D35C8BD157F7842268E0716B1EB4B8B26DCF888FB3B3F4314844AAD
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):17374
                                                                                Entropy (8bit):7.682654493549437
                                                                                Encrypted:false
                                                                                SSDEEP:384:Paj1PXNyyQwsCxm7VXh3il27I8pdo63XNrqlY3ylWn4iczt3Z:e1/BQwsCxIVXhuF8pKaXNdXn4icz9Z
                                                                                MD5:B50E2C75F5F0E1094E997DE8A2A2D0CA
                                                                                SHA1:D789EB689C091536EA6A01764BADA387841264CB
                                                                                SHA-256:CF4068EBB5ECD47ADEC92AFBA943AEA4EB2FEE40871330D064B69770CCCB9E23
                                                                                SHA-512:57D8AC613805EDADA6AEBA7B55417FD7D41C93913C56C4C2C1A8E8A28BBB7A05AADE6E02B70A798A078DC3C747967DA242C6922B342209874F3CAF7312670CB0
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):704689
                                                                                Entropy (8bit):7.834558665203789
                                                                                Encrypted:false
                                                                                SSDEEP:12288:sSn9gd/GXLtKb+Ozu5idmEfcHOPJZ7bw1kXn0yZLJZsDDpJSWB5qSEhQ:sMw/GXUb+euCVIOxRQIZOnuK
                                                                                MD5:6696368A09C7F8FED4EA92C4E5238CEE
                                                                                SHA1:F89C282E557D1207AFD7158B82721C3D425736A7
                                                                                SHA-256:C25D7A7B8F0715729BCCB817E345F0FDD668DD4799C8DAB1A4DB3D6A37E7E3E4
                                                                                SHA-512:0AB24F07F956E3CDCD9D09C3AA4677FF60B70D7A48E7179A02E4FF9C0D2C7A1FC51624C3C8A5D892644E9F36F84F7AAF4AA6D2C9E1C291C88B3CFF7568D54F76
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):17135
                                                                                Entropy (8bit):7.7352982443766
                                                                                Encrypted:false
                                                                                SSDEEP:384:fSw3uFslDvQGOoqdoUFKgvXj9jmHo5+FejOcEDffWPvy:KwJlrQGOdoUFKgvTmn6y
                                                                                MD5:FDE38932B12FC063451AF6613D4470CC
                                                                                SHA1:BC08C114681A3AFC05FB8C0470776C3EAE2EEFEB
                                                                                SHA-256:9967EA3C3D1AEE8DB5A723F714FBA38D2FC26D8553435AB0E1D4E123CD211830
                                                                                SHA-512:0F211F81101CED5FFF466F2AAB0E6C807BB18B23BC4928FE664C60653C99FA81B34EDF5835FCC3AFFB34B0DF1FA61C73A621DF41355E4D82131F94FCC0B0E839
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):1177648
                                                                                Entropy (8bit):7.91949701328009
                                                                                Encrypted:false
                                                                                SSDEEP:24576:cP4MBZrpGi4exQ9qdXVd/F/3yy7mgviLzIM:czHMi4eKCd/BzaLcM
                                                                                MD5:D5EF47C915BEF65A63D364F5CF7CD467
                                                                                SHA1:F711F3846E144DDDBFB31597C0C165BA8ADF8D6B
                                                                                SHA-256:9C287472408857301594F8F7BDA108457F6FDAE6E25C87EC88DBF3012E5A98B6
                                                                                SHA-512:04AEB956BFCD3BD23B540F9AD2D4110BB2FFD25FE899152C4B2E782DAA23A676DF9507078ECF1BFC409DDFBE2858AB4C4C324F431E45D8234E13905EB192BAE8
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):20151
                                                                                Entropy (8bit):7.765220504812666
                                                                                Encrypted:false
                                                                                SSDEEP:384:dti5BMxSo4LgAAsJilYcmwPbEM0Av7wGkJXbhS1OaVKD6U2:DqoCgqyIMZwRJLQO5eU2
                                                                                MD5:0A79304556A1289AA9E6213F574F3B08
                                                                                SHA1:7EE3BDE3B1777BF65D4F62CE33295556223A26CD
                                                                                SHA-256:434E57FFFC7DF0B725C1D95CABAFDCDB83858CCB3E5E728A74D3CF33A0CA9C79
                                                                                SHA-512:1560703D0C162D73C99CEF9E8DDC050362E45209CC8DEA6A34A49E2B6F99AAE462EAE27BA026BDB29433952B6696896BB96998A0F6AC0A3C1DBBB2F6EBC26A7E
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):97358
                                                                                Entropy (8bit):7.9345189846943915
                                                                                Encrypted:false
                                                                                SSDEEP:1536:yZwgOueuKZ4THgWvLnhgmmJFgVn+nhEA1ODIrSrUricEDMrV+LAB:yZwgwuKmTDFgmmoVn+mAUhrUicRoAB
                                                                                MD5:4BC2AEA7281E27BC91566377D0ED1897
                                                                                SHA1:D02D897E8A8ACA58E3635C009A16D595A5649D44
                                                                                SHA-256:4AEF566BBF3F0B56769A0C45275EBBF7894E9DDB54430C9DB2874124B7CEA288
                                                                                SHA-512:DA35BB2F67BCA7527DC94E5A99A162180B2701DDCA2C688D9E0BE69876ACA7C48F192D0F03D431CCD2D8EEC55E0E681322B4F15EBA4DB29EF5557316E8E51E10
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):13213
                                                                                Entropy (8bit):7.627776815487544
                                                                                Encrypted:false
                                                                                SSDEEP:192:yXmigootuYzXKKk6BL8UUJY0eP6nHY2AJ4qxivXRp2gFyjSonqKLRM7RbEZ:Km0WzX7k6eJB06HZYwRzFyj0uRM7RbEZ
                                                                                MD5:20F6F88989E806D23C29686B090F6190
                                                                                SHA1:1FDB9A66BB5CA587C05D3159829A8780BB66C87D
                                                                                SHA-256:9D5F06D539B91E98FD277FC01FD2F9AF6FEA58654E3B91098503B235A83ABB16
                                                                                SHA-512:2798BB1DD0AA121CD766BD5B47D256B1A528E9DB83ED61311FA685F669B7F60898118AE8C69D2A30D746AF362B810B133103CBE426E0293DD2111ACA1B41CCEA
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):155
                                                                                Entropy (8bit):4.618267268558291
                                                                                Encrypted:false
                                                                                SSDEEP:3:nSkoZgZLXnuWxVEsTwVAAiuKIn7IRAdSPGGzJ0vwQAnfMaAHCRyvy:nBcAPWEwVAkIiSPhwwpkaAHCIa
                                                                                MD5:9E5E954BC0E625A69A0A430E80DCF724
                                                                                SHA1:C29C1F37A2148B50A343DB1A4AA9EB0512F80749
                                                                                SHA-256:A46372B05CE9F40F5D5A775C90D7AA60687CD91AAA7374C499F0221229BF344E
                                                                                SHA-512:18A8277A872FB9E070A1980EEE3DDD096ED0BBA755DB9B57409983C1D5A860E9CBD3B67E66FF47852FE12324B84D4984E2F13859F65FABE2FF175725898F1B67
                                                                                Malicious:false
                                                                                Preview:#..# Load the Java Access Bridge class into the JVM..#..#assistive_technologies=com.sun.java.accessibility.AccessBridge..#screen_magnifier_present=true....
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):1438
                                                                                Entropy (8bit):5.214662998532387
                                                                                Encrypted:false
                                                                                SSDEEP:24:QVDpdQYHLOVhl86bePCkHUMCLC9TFcgg+DR+Oby:MQ4LOVh2WGfUMCLC9Zcgg2Ru
                                                                                MD5:92BA2D87915E6F7F58D43344DF07E1A6
                                                                                SHA1:872BC54E53377AAC7C7616196BCCE1DB6A3F0477
                                                                                SHA-256:68F0CF30429A42A6FE78B1DE91970E5C78FD03D1599BEB080C1C196D5C59E4C0
                                                                                SHA-512:A964E2CEB4D601FAF28ECF13FB11777B70708C21CF9EA23721E462B6E911051108B8A42EBF6447FA49CB61D7FA2D79475F50EE791F1121616371E2B02FAB71B6
                                                                                Malicious:false
                                                                                Preview:# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..# Japanese imperial calendar..#..# Meiji since 1868-01-01 00:00:00 local time (Gregorian)..# Taisho since 1912-07-30 00:00:00 local time (Gregorian)..# Showa since 1926-12-25 00:00:00 local time (Gregorian)..# Heisei since 1989-01-08 00:00:00 local time (Gregorian)..calendar.japanese.type: LocalGregorianCalendar..calendar.japanese.eras: \...name=Meiji,abbr=M,since=-3218832000000; \...name=Taisho,abbr=T,since=-1812153600000; \...name=Showa,abbr=S,since=-1357603200000; \...name=Heisei,abbr=H,since=600220800000....#..# Taiwanese calendar..# Minguo since 1911-01-01 00:00:00 local time (Gregorian)..calendar.taiwanese.type: LocalGregorianCalendar..calendar.taiwanese.eras: \...name=MinGuo,since=-1830384000000....#..# Thai Buddhist calendar..# Buddhist Era since -5
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):3091908
                                                                                Entropy (8bit):6.633254981822853
                                                                                Encrypted:false
                                                                                SSDEEP:49152:puZi4j4TQkgaSOHEhjy2twRYEc1sJzlbguMuD:puZiW4smxGocuJlbgq
                                                                                MD5:0B3923ABB0D48FDAE7A2306717967B39
                                                                                SHA1:0882294FFEC2769023AA36FF9CC53562F8E26020
                                                                                SHA-256:E88AEC2A49F07CAC9471D9E4C113FA189600B57245685814D043C20EA8A8B471
                                                                                SHA-512:CF622081B290140CE8419B30FB25442F7204C9A37E1490030A4D656F66C509946F48C50CC7794DA51007EFB202805605FE3C2AC3534D63FBF928EA35CE16A040
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):84355
                                                                                Entropy (8bit):4.927199323446014
                                                                                Encrypted:false
                                                                                SSDEEP:1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A
                                                                                MD5:7FC71A62D85CCF12996680A4080AA44E
                                                                                SHA1:199DCCAA94E9129A3649A09F8667B552803E1D0E
                                                                                SHA-256:01FE24232D0DBEFE339F88C44A3FD3D99FF0E17AE03926CCF90B835332F5F89C
                                                                                SHA-512:B0B9B486223CF79CCF9346AAF5C1CA0F9588247A00C826AA9F3D366B7E2EF905AF4D179787DCB02B32870500FD63899538CF6FAFCDD9B573799B255F658CEB1D
                                                                                Malicious:false
                                                                                Preview:java/lang/Object..java/lang/String..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/Class..java/lang/reflect/GenericDeclaration..java/lang/reflect/AnnotatedElement..java/lang/reflect/Type..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/SecureClassLoader..java/lang/ClassNotFoundException..java/lang/ReflectiveOperationException..java/lang/NoClassDefFoundError..java/lang/LinkageError..java/lang/ClassCastException..java/lang/ArrayStoreException..java/lang/VirtualMachineError..java/lang/OutOfMemoryError..java/lang/StackOverflowError..java/lang/IllegalMonitorStateException..java/lang/ref/Reference..java/lang/ref/SoftReference..java/lang/ref/WeakReference..java/lang/ref/FinalReference..java/lang/ref/PhantomReference..sun/misc/Cleaner
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
                                                                                Category:dropped
                                                                                Size (bytes):51236
                                                                                Entropy (8bit):7.226972359973779
                                                                                Encrypted:false
                                                                                SSDEEP:1536:2Qnt0y7xFNksbeCqY39JJ8GmaNo68GmaNo68GmaNoW:JOy7xXjtqYNfHxNo6HxNo6HxNoW
                                                                                MD5:10F23396E21454E6BDFB0DB2D124DB85
                                                                                SHA1:B7779924C70554647B87C2A86159CA7781E929F8
                                                                                SHA-256:207D748A76C10E5FA10EC7D0494E31AB72F2BACAB591371F2E9653961321FE9C
                                                                                SHA-512:F5C5F9FC3C4A940D684297493902FD46F6AA5248D2B74914CA5A688F0BAD682831F6060E2264326D2ECB1F3544831EB1FA029499D1500EA4BFE3B97567FE8444
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
                                                                                Category:dropped
                                                                                Size (bytes):632
                                                                                Entropy (8bit):3.7843698642539243
                                                                                Encrypted:false
                                                                                SSDEEP:12:51AP3fJgXQ531yqQac/lkgz42WlHlYujlOl9Fhl:vA2XQCqpUlkgzulHiXl3hl
                                                                                MD5:1002F18FC4916F83E0FC7E33DCC1FA09
                                                                                SHA1:27F93961D66B8230D0CDB8B166BC8B4153D5BC2D
                                                                                SHA-256:081CAAC386D968ADD4C2D722776E259380DCF78A306E14CC790B040AB876D424
                                                                                SHA-512:334D932D395B46DFC619576B391F2ADC2617E345AFF032B592C25E333E853735DA8B286EF7542EB19059CDE8215CDCEA147A3419ED56BDD6006CA9918D0618E1
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
                                                                                Category:dropped
                                                                                Size (bytes):1044
                                                                                Entropy (8bit):6.510788634170065
                                                                                Encrypted:false
                                                                                SSDEEP:6:zwuau/7De0/q98EAsBIMD/WvaKIV4R0/lCAEdD0WlV9AEdwKKt/n3knR3lfR/NHD:zw7ePB/rEAsBIkVuUlAYKu/nUnKw
                                                                                MD5:A387B65159C9887265BABDEF9CA8DAE5
                                                                                SHA1:7913274C2F73BAFCF888F09FF60990B100214EDE
                                                                                SHA-256:712036AA1951427D42E3E190E714F420CA8C2DD97EF01FCD0675EE54B920DB46
                                                                                SHA-512:359D9B57215855F6794E47026C06036B93710998205D0817C6E602B2A24DAEB92537C388F129407461FC60180198F02A236AEB349A17430ED7AC85A1E5F71350
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
                                                                                Category:dropped
                                                                                Size (bytes):274474
                                                                                Entropy (8bit):7.843290819622709
                                                                                Encrypted:false
                                                                                SSDEEP:6144:nJleRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgI:nJleRNRpN0j3qhjRC9I
                                                                                MD5:24B9DEE2469F9CC8EC39D5BDB3901500
                                                                                SHA1:4F7EED05B8F0EEA7BCDC8F8F7AAEB1925CE7B144
                                                                                SHA-256:48122294B5C08C69B7FE1DB28904969DCB6EDC9AA5076E3F8768BF48B76204D0
                                                                                SHA-512:D23CE2623DE400216D249602486F21F66398B75196E80E447143D058A07438919A78AE0ED2DDF8E80D20BD70A635D51C9FB300E9F08A4751E00CD21883B88693
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
                                                                                Category:dropped
                                                                                Size (bytes):3144
                                                                                Entropy (8bit):7.026867070945169
                                                                                Encrypted:false
                                                                                SSDEEP:48:+FflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyKzJgWjU:aN26MT0D5MdtbZPAVwzV0
                                                                                MD5:1D3FDA2EDB4A89AB60A23C5F7C7D81DD
                                                                                SHA1:9EAEA0911D89D63E39E95F2E2116EAEC7E0BB91E
                                                                                SHA-256:2B3AA1645779A9E634744FAF9B01E9102B0C9B88FD6DECED7934DF86B949AF7E
                                                                                SHA-512:16AAE81ACF757036634B40FB8B638D3EBA89A0906C7F95BD915BC3579E3BE38C7549EE4CD3F344EF0A17834FF041F875B9370230042D20B377C562952C47509B
                                                                                Malicious:false
                                                                                Preview:...HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._.....
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):5824
                                                                                Entropy (8bit):5.074440246603207
                                                                                Encrypted:false
                                                                                SSDEEP:96:6M5VfH+uEMmPDkZeujdJfZUB8BB/+PhPXsOQ71GAXf5lZuU1EbWF7Ycx/AQ12a8T:6M6p4ZeWd1ZUB8BBGPhPXsOQ71GAXBly
                                                                                MD5:95AE170D90764B3F5E68C72E8C518DDC
                                                                                SHA1:1939B699D16A5DB3E3F905466222099D7C29285A
                                                                                SHA-256:A2B31E9CBCEAB296A5E1CF056EFD953CED23B888CD929B0BBE6EB6B53D2BF861
                                                                                SHA-512:87E970BEAC8141C757D622FC8B6D84FE173EA4B134AFD8E2F979714C1110C3D92F3CE5F2B9DC74804DD37D13AB2A0EDF0FCA242F61CF8ED065AE81B7331F8816
                                                                                Malicious:false
                                                                                Preview:#sun.net.www MIME content-types table..#..# Property fields:..#..# <description> ::= 'description' '=' <descriptive string>..# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>..# <image> ::= 'icon' '=' <filename of icon image>..# <action> ::= 'browser' | 'application' | 'save' | 'unknown'..# <application> ::= 'application' '=' <command line template>..#....#..# The "we don't know anything about this data" type(s)...# Used internally to mark unrecognized types...#..content/unknown: description=Unknown Content..unknown/unknown: description=Unknown Data Type....#..# The template we should use for temporary files when launching an application..# to view a document of given type...#..temp.file.template: c:\\temp\\%s....#..# The "real" types...#..application/octet-stream: \...description=Generic Binary Stream;\...file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz....application/oda: \...description=ODA Document;\...file_extens
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):4122
                                                                                Entropy (8bit):3.2585384283455134
                                                                                Encrypted:false
                                                                                SSDEEP:48:BlWxFFGFSupi94blATFxjGph5vLC6/w37ZXQTbVm/eVzOBJ:BlWJEi94blAT+ph5vLkApmGqr
                                                                                MD5:F6258230B51220609A60AA6BA70D68F3
                                                                                SHA1:B5B95DD1DDCD3A433DB14976E3B7F92664043536
                                                                                SHA-256:22458853DA2415F7775652A7F57BB6665F83A9AE9FB8BD3CF05E29AAC24C8441
                                                                                SHA-512:B2DFCFDEBF9596F2BB05F021A24335F1EB2A094DCA02B2D7DD1B7C871D5EECDA7D50DA7943B9F85EDB5E92D9BE6B6ADFD24673CE816DF3960E4D68C7F894563F
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):2282861
                                                                                Entropy (8bit):7.951223313727943
                                                                                Encrypted:false
                                                                                SSDEEP:49152:ABSxAmHHJwEu4l3Dyz7oQHeNHJJ2aAvfZc:ABEtHHaEuI3Dy3oQH2pFAvW
                                                                                MD5:2388C4C8D5F95E0379A8997C7C2492F4
                                                                                SHA1:906BF87EB1D8881ABADBF93A3C4BBA7887CA2A01
                                                                                SHA-256:A1FD508EACF76645EB0885B243B5DD14239F1E039E8B53ED038226DF91A30539
                                                                                SHA-512:2CCE11A5F97DF842964B55408FCF1EC84C0CD561E664ABA3A51275EAFE59D7C920FCFD954C527DA4D53ACB191200CC64BF8150A33BCB9B038F36ADB2CC69B1A1
                                                                                Malicious:false
                                                                                Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/oracle/PK...........H................com/oracle/deploy/PK...........H................com/oracle/deploy/update/PK...........H................com/sun/PK...........H................com/sun/applet2/PK...........H................com/sun/applet2/preloader/PK...........H............ ...com/sun/applet2/preloader/event/PK...........H................com/sun/deploy/PK...........H................com/sun/deploy/appcontext/PK...........H................com/sun/deploy/association/PK...........H............#...com/sun/deploy/association/utility/PK...........H................com/sun/deploy/cache/PK...........H................com/sun/deploy/config/PK...........H................com/sun/deploy/jardiff/PK...........H................com/sun/deploy/model/PK.....
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                Category:dropped
                                                                                Size (bytes):14156
                                                                                Entropy (8bit):5.649187440261259
                                                                                Encrypted:false
                                                                                SSDEEP:48:E84SHTDIbZI+R9ufdITe3MPu20DguN9P5YOinvYrJJ0JKP/U8HtK8NJO8lJi8VJb:kld6uQZ9P5dTC7IjZUkPmpaemFqKs8n
                                                                                MD5:91052ADB799AEF68EA76931997C40CE4
                                                                                SHA1:19255B8E335C22A171C26148099191708C99EE7A
                                                                                SHA-256:61D1382375238F90E2E4EE2AF985D978F1409E01B38080E710DF4ACB2897E63B
                                                                                SHA-512:39BAA49A1CEF533E5D3FFF1A86BC72CB346A6BF1928A9D8B505EBA09A4AB1506400234DE78BDFD925821F0A690B8887BD004A18CC64337DEB666CC2509DEE5DA
                                                                                Malicious:false
                                                                                Preview:PK........$..H............'...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/UT....GjW.GjWux.............PK........#..H................{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/UT....GjW.GjWux.............PK........#..H............6...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/UT....GjW.GjWux.............PK........#..H............>...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/UT....GjW.GjWux.............PK........#..H...V........H...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.jsUT....GjW.GjWux.............const gJavaConsole1_8_0_101 = {...id.: "javaconsole1.8.0_101",...mimeType: "application/x-java-applet;jpi-version=1.8.0_101",...install.: function() {...window.addEventListener("load",this.init,false);..},...init.: function() { ...if (navigator.mimeTypes[gJavaConsole1_8_0_101.mimeType]) {....var toolsPopup = document.getElementById("menu_ToolsPopup");.....toolsPopup.addEventListener("popupshowing",gJavaConsole1_8_0_101.enable,false)
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):2917
                                                                                Entropy (8bit):4.838706790124659
                                                                                Encrypted:false
                                                                                SSDEEP:48:KaDMJ9TmsHDmDDCDP2un8YzgKe1E13Tstub22tTeF/Qi/WRtAXikTzgaENZzT3JI:KaD+9TmAe29vBotubbt2Oz+ENlbJI
                                                                                MD5:2EB9117D147BAA0578E4000DA9B29E12
                                                                                SHA1:3D297ECF3D280D4AA3D1423E885994495243F326
                                                                                SHA-256:B8D9C69FF7F4832A9B365D4A43CF66DFF9847051752B13EEDF024CAA9C1EF46B
                                                                                SHA-512:C3F7730767941B3C8F6F53D4686E9F898D1907D978F6D1FA35BA02C3FCD8306335406A5F9ABAA844F27F7AFD9E548810BECB9EC3E6B84888EA5EAC57B6ED6FDB
                                                                                Malicious:false
                                                                                Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internal error, unknown message..error.badinst.nojre=Bad installation. No JRE found in configuration file..error.launch.execv=Error encountered while invoking Java Web Start (execv)..error.launch.sysexec=Error encountered while invoking Java Web Start (SysExec) ..error.listener.failed=Splash: sysCreateListenerSocket failed..error.accept.failed=Splash: accept failed..error.recv.failed=Splash: recv failed..error.invalid.port=Splash: didn't revive a valid port..error.read=Read past end of buffer..error.xmlparsing=XML Parsing error: wrong kind of token found..error.splash.exit=Java Web Start splash screen process exiting .....\n..# "Last WinSock Error" means the error message for the last operation that failed...error.winsock=\tLast WinSock Error: ..error.winsock.load=Couldn't load winsock.dll..error.winsock.start
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with very long lines (1345), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):3338
                                                                                Entropy (8bit):4.919780187496773
                                                                                Encrypted:false
                                                                                SSDEEP:48:WvaqyL1nlrDtzh5+VN9JrnjXyv6jq/YgKe1h/KZkCUdr5pAvA1t2CPTOsdIamy:txrj5Snk6+wuir25pAvAv2ITOsd9
                                                                                MD5:FF9CFEE1ACFCD927253A6E35673F1BB7
                                                                                SHA1:957E6609A1AF6D06A45A6F7B278BE7625807B909
                                                                                SHA-256:E130FBD5FA378A380F46F42981F2C97BC152059C27120204AB4DA47079D31513
                                                                                SHA-512:F42601092436D7AF30CCD81126185232D9D643B195D3D4619AEC451E3E2A60E33E6378E770DD1A4CDF7AB20CB749371665A992CA73D2842A7102F3FB34B6B9EB
                                                                                Malicious:false
                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=interner Fehler, unbekannte Meldung..error.badinst.nojre=Ung\u00FCltige Installation. Keine JRE in Konfigurationsdatei gefunden..error.launch.execv=Fehler beim Aufrufen von Java Web Start (execv) aufgetreten..error.launch.sysexec=Fehler beim Aufrufen von Java Web Start (SysExec) aufgetreten..error.listener.failed=Startbildschirm: sysCreateListenerSocket nicht erfolgreich..error.accept.failed=Startbildschirm: accept nicht erfolgreich..error.recv.failed=Startbildschirm: recv nicht erfolgreich..error.invalid.port=Startbildschirm: Reaktivierung eines g\u00FCltigen Ports nicht m\u00F6glich..error.read=\u00DCber Pufferende hinaus gelesen..error.xmlparsing=XML-Parsefehler: Falscher Tokentyp gefunden..error.splash.exit=Prozess f\u00FCr Startbildschirm von Java Web Start wird beendet.....\n..# "Last WinSock Error" mean
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with very long lines (1475), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):3632
                                                                                Entropy (8bit):4.776451902180833
                                                                                Encrypted:false
                                                                                SSDEEP:96:KHelXJn5woLUosi30hrleaRSfvlBY0CQ1Z:KHelNTAxFtlE/71Z
                                                                                MD5:72BDAE07C5D619E5849A97ACC6A1090F
                                                                                SHA1:9FC8A7A29658AC23A30AB9D655117BB79D08DC3B
                                                                                SHA-256:821A3452ECB9F29BCEC16C0B39FB668C2CC30C7F7283B34BFC5400040723892B
                                                                                SHA-512:67F0D1D60012B5598864B68612AA488AF1B5876FF5F347CD98ABCF1E3C0D267CF0354D5085BF12B0A09C6EF124FD0117CD16FCC032DA2B195D45BAB19740BB78
                                                                                Malicious:false
                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=Error interno, mensaje desconocido..error.badinst.nojre=Instalaci\u00F3n incorrecta. No se ha encontrado JRE en el archivo de configuraci\u00F3n..error.launch.execv=Se ha encontrado un error al llamar a Java Web Start (execv)..error.launch.sysexec=Se ha encontrado un error al llamar a Java Web Start (SysExec) ..error.listener.failed=Pantalla de Presentaci\u00F3n: fallo de sysCreateListenerSocket..error.accept.failed=Pantalla de Presentaci\u00F3n: fallo de accept..error.recv.failed=Pantalla de Presentaci\u00F3n: fallo de recv..error.invalid.port=Pantalla de Presentaci\u00F3n: no se ha activado un puerto v\u00E1lido..error.read=Lectura m\u00E1s all\u00E1 del final del buffer..error.xmlparsing=Error de an\u00E1lisis de XML: se ha encontrado un tipo de token no v\u00E1lido..error.splash.exit=Saliendo del proceso d
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with very long lines (1575), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):3441
                                                                                Entropy (8bit):4.832330268062187
                                                                                Encrypted:false
                                                                                SSDEEP:48:KE2CXpRLJDNXQC6tNaEGBlu9hUv5//zEvDiwkISAyHgKe1p6KF/uoYuh1LNRtS0f:KERXlp6tN1VHq1Kt1S4x8Xi
                                                                                MD5:FFE3CC16616314296C3262B0A0E093CD
                                                                                SHA1:198DD1C6E6707C10AE74A1C42E8A91C429598F3B
                                                                                SHA-256:3941736BEF6A8E53D002B6B67ECE4793C2F3F34BCC1ECB271684EB3F73FC4103
                                                                                SHA-512:CD3A9329F405CA14E11CDBB74D467B31A31530CBF00537B16FB23AEBC6C07EB268E9624FDBC997AA0CF4852DAC288E1D011E2FC392D71E25DBDF52E359BA9D4E
                                                                                Malicious:false
                                                                                Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erreur interne, message inconnu..error.badinst.nojre=Installation incorrecte. JRE introuvable dans le fichier de configuration..error.launch.execv=Erreur lors de l'appel de Java Web Start (execv)..error.launch.sysexec=Erreur lors de l'appel de Java Web Start (SysExec) ..error.listener.failed=Accueil : \u00E9chec de sysCreateListenerSocket..error.accept.failed=Accueil : \u00E9chec d'accept..error.recv.failed=Accueil : \u00E9chec de recv..error.invalid.port=Accueil : impossible de r\u00E9activer un port valide..error.read=Lecture apr\u00E8s la fin de tampon..error.xmlparsing=Erreur d'analyse XML : type incorrect de jeton..error.splash.exit=Le processus d'affichage de l'\u00E9cran d'accueil de Java Web Start est en cours de fermeture...\n..# "Last WinSock Error" means the error message for the last operation that
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with very long lines (1392), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):3255
                                                                                Entropy (8bit):4.7050139579578145
                                                                                Encrypted:false
                                                                                SSDEEP:48:KTi+qOaVUVVMsD/B0FN5+eADELDHxhdpHgKe1uo265eLaqMQ6URhmwgFs+ur60:KJBa2VtzeDLDRhd5A26+7RhZgR0
                                                                                MD5:BF5E5310B2DCF8E8B3697B358AD4446D
                                                                                SHA1:C746AC1F46F607FA8F971BEA2B6853746A4FB28D
                                                                                SHA-256:CC9AD73957535011EE2376C23DE2C2597F877ACEBA9173E822EE79AAD3C4E9E6
                                                                                SHA-512:B6C61D38B0ACC427B9B2F4C19DABD7EACBE8EEA6B973FD31B3555C4C5B3FFAF1CA036B730359346F57223B44CCE79E04A6D06BBC13C6F7DD26ED463776BB6DCC
                                                                                Malicious:false
                                                                                Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=errore interno, messaggio sconosciuto..error.badinst.nojre=Installazione errata. Impossibile trovare il JRE nel file di configurazione..error.launch.execv=Errore durante la chiamata di Java Web Start (execv)..error.launch.sysexec=Errore durante la chiamata di Java Web Start (SysExec) ..error.listener.failed=Apertura: sysCreateListenerSocket non riuscito..error.accept.failed=Apertura: accept non riuscito..error.recv.failed=Apertura: recv non riuscito..error.invalid.port=Apertura: impossibile identificare una porta valida..error.read=Tentativo di lettura dopo la fine del buffer..error.xmlparsing=Errore durante l'analisi XML: trovato un tipo di token errato..error.splash.exit=Uscita dal processo di schermata iniziale di Java Web Start in corso...\n..# "Last WinSock Error" means the error message for the last oper
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with very long lines (2924), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):6381
                                                                                Entropy (8bit):4.5983590678211135
                                                                                Encrypted:false
                                                                                SSDEEP:96:Mu7cepcgD8do+O2D+k8/RJFGQcHGqo72hzEflA44CAmIbIC3j5pN/o8woJe:PctgYqhTYzG2O
                                                                                MD5:D830FC76BDD1975010ECE4C5369DADF8
                                                                                SHA1:D8CC3F54325142EFA740026E2BC623AFE6F3ACB5
                                                                                SHA-256:11E886336BA51A9044AB1A87C60CEEE34C29BB724E06A16968D31531A7001064
                                                                                SHA-512:7B867A50A811FBD7FFDAD0B729CA4501E16386EE5C4940A4CF9A805767CC0D10F7E3BDFD6A60204D79292D778D93E3BD915368AC0E9453BBB1010ADFD9655F0F
                                                                                Malicious:false
                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u30A8\u30E9\u30FC\u3001\u4E0D\u660E\u306A\u30E1\u30C3\u30BB\u30FC\u30B8..error.badinst.nojre=\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u304C\u6B63\u3057\u304F\u3042\u308A\u307E\u305B\u3093\u3002\u69CB\u6210\u30D5\u30A1\u30A4\u30EB\u5185\u306BJRE\u304C\u3042\u308A\u307E\u305B\u3093..error.launch.execv=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(execv)..error.launch.sysexec=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(SysExec) ..error.listener.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: sysCreateListenerSocket\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.accept.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: accept\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.recv.fai
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with very long lines (2601), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):5744
                                                                                Entropy (8bit):4.781504394194986
                                                                                Encrypted:false
                                                                                SSDEEP:96:GhymCk3kjLqgz9RkfrsEW/p9M32i0HkZr+ywc8b8+/moD7yct070DL70Dm:Dm5kLfIErMbT/44in
                                                                                MD5:64DE22212EE92F29BCA3ACED72737254
                                                                                SHA1:C4DBC247043578CCF9CD8DAB652D096703D5B26E
                                                                                SHA-256:292696C94D5FD0BF2FF4AF9E4D363BFCBE888D2E65BD18A20CF71081FB1C9B0D
                                                                                SHA-512:CA33C75B66D8B5316B1C3ED41A9A14DD8611A3BB9B26EFDC7F468250696D515CF1E966831975C9ABDC33E9A1C59167FE79BA547592D2A04997E1342433E7B628
                                                                                Malicious:false
                                                                                Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\uB0B4\uBD80 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC54C \uC218 \uC5C6\uB294 \uBA54\uC2DC\uC9C0\uC785\uB2C8\uB2E4...error.badinst.nojre=\uC124\uCE58\uAC00 \uC798\uBABB\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uAD6C\uC131 \uD30C\uC77C\uC5D0\uC11C JRE\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4...error.launch.execv=Java Web Start(execv)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4...error.launch.sysexec=Java Web Start(SysExec)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. ..error.listener.failed=\uC2A4\uD50C\uB798\uC2DC: sysCreateListenerSocket\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.accept.failed=\uC2A4\uD50C\uB798\uC2DC: \uC2B9\uC778\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.r
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with very long lines (1319), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):3317
                                                                                Entropy (8bit):4.869662880084367
                                                                                Encrypted:false
                                                                                SSDEEP:48:3c6BeKTDcUsLYg9tStwmx+supWBxKy0HgKe1u6K0NCMc6MTNTjtA7NZdlw7ZHAW:3c6fbEf1mxPuUBxKy4va+mZdlw7Z7
                                                                                MD5:4078691AB22C4F0664856BE0C024A52F
                                                                                SHA1:6247FC05DE429F65DC4E1356C4715DC51F43B98F
                                                                                SHA-256:6869B27B12B99C9D169B3E018284BE0F7631DBDF2DDD5F4EA5B1A458736FDFDF
                                                                                SHA-512:BB02765F69E23C732C790EB994800C83BB8EFE7FF8CE0BCDC475EC5A29CEF5A33A5513AB1A7DC9F0F066B807A0980C41EC0037710873A32BD2952DBED79D24CA
                                                                                Malicious:false
                                                                                Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erro interno, mensagem desconhecida..error.badinst.nojre=Instala\u00E7\u00E3o incorreta. Nenhum JRE encontrado no arquivo de configura\u00E7\u00E3o..error.launch.execv=Erro encontrado ao chamar Java Web Start (execv)..error.launch.sysexec=Erro encontrado ao chamar Java Web Start (SysExec) ..error.listener.failed=Tela Inicial: falha em sysCreateListenerSocket..error.accept.failed=Tela Inicial: falha na fun\u00E7\u00E3o accept..error.recv.failed=Tela Inicial: falha na fun\u00E7\u00E3o recv..error.invalid.port=Tela Inicial: n\u00E3o reativou uma porta v\u00E1lida..error.read=Ler ap\u00F3s o final do buffer..error.xmlparsing=Erro durante o parsing de XML: tipo incorreto de token encontrado..error.splash.exit=Saindo do processamento da tela inicial do Java Web .....\n..# "Last WinSock Error" means the error message
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with very long lines (1386), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):3441
                                                                                Entropy (8bit):4.927824210480987
                                                                                Encrypted:false
                                                                                SSDEEP:96:KYD1QNsQZ/lmo8ZuLgdBGpv3JRJ/7coh91XlK7Q/vm2QAfO:9D1+sCmapce1KGm2QIO
                                                                                MD5:81BBDEA4DC9803A6EB78CE7D5CA018ED
                                                                                SHA1:9AAF012276AD89CE7273CF5F0BE4C95B72D906AB
                                                                                SHA-256:565B8FF1F31784378884D9D7468FFDFDDA5B001ACB5BB393A5006AC19BE4E67A
                                                                                SHA-512:310017DD27C91C492188737494DA04CAB241D0BF4E91326AFB4A3F98CBFF78A6C0BBC14EC7E883597E9D506FAA80BA4E9A25B5F46BFD2543850323061E829A84
                                                                                Malicious:false
                                                                                Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internt fel, ok\u00E4nt meddelande..error.badinst.nojre=Felaktig installation. Ingen JRE har hittats i konfigurationsfilen..error.launch.execv=Ett fel intr\u00E4ffade under starten av Java Web Start (execv)..error.launch.sysexec=Ett fel intr\u00E4ffade under starten av Java Web Start (SysExec) ..error.listener.failed=V\u00E4lkomstsk\u00E4rm: sysCreateListenerSocket utf\u00F6rdes inte..error.accept.failed=V\u00E4lkomstsk\u00E4rm: kunde inte accepteras..error.recv.failed=V\u00E4lkomstsk\u00E4rm: kunde inte mottaga..error.invalid.port=V\u00E4lkomstsk\u00E4rm: \u00E5terskapade inte en giltig port..error.read=L\u00E4ste f\u00F6rbi slutet av bufferten..error.xmlparsing=XML-tolkningsfel: fel typ av igenk\u00E4nningstecken hittades..error.splash.exit=Java Web Start - v\u00E4lkomstsk\u00E4rmen avslutas .....\n..# "Last
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with very long lines (1857), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):4104
                                                                                Entropy (8bit):5.04197285715923
                                                                                Encrypted:false
                                                                                SSDEEP:96:Me7R8zl0Zf4z3X4Gv2hEpeStEKADydYL1WfK0eSm91j7:1R8pOfWHJvOJT1WPtK1j7
                                                                                MD5:823D1F655440C3912DD1F965A23363FC
                                                                                SHA1:50B941A38B9C5F565F893E1E0824F7619F51185C
                                                                                SHA-256:86663DED105B77261C0556468A93BC8666A094B918299A61AF0A8E30F42019C7
                                                                                SHA-512:1EBF989D2121CF05FFC912B9B228C4D4523763EB1A689EC74568D811C88DCF11032FFC8007BB24DAF7D079B580662B77D94B4B8D71A2E891EF27979FF32CD727
                                                                                Malicious:false
                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u9519\u8BEF, \u672A\u77E5\u6D88\u606F..error.badinst.nojre=\u9519\u8BEF\u5B89\u88C5\u3002\u914D\u7F6E\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u8C03\u7528 Java Web Start (execv) \u65F6\u9047\u5230\u9519\u8BEF..error.launch.sysexec=\u8C03\u7528 Java Web Start (SysExec) \u65F6\u9047\u5230\u9519\u8BEF..error.listener.failed=\u542F\u52A8\u5C4F\u5E55: sysCreateListenerSocket \u5931\u8D25..error.accept.failed=\u542F\u52A8\u5C4F\u5E55: \u63A5\u53D7\u5931\u8D25..error.recv.failed=\u542F\u52A8\u5C4F\u5E55: recv \u5931\u8D25..error.invalid.port=\u542F\u52A8\u5C4F\u5E55: \u672A\u6062\u590D\u6709\u6548\u7AEF\u53E3..error.read=\u8BFB\u53D6\u8D85\u51FA\u7F13\u51B2\u533A\u7ED3\u5C3E..error.xmlparsing=XML \u89E3\u6790\u9519\u8BEF: \u53D1\u73B0\u9519\u8BEF\u7684\u6807\u8BB0\u7C7B\u578B..error.s
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):3784
                                                                                Entropy (8bit):5.17620120701776
                                                                                Encrypted:false
                                                                                SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                                                                                MD5:4287D97616F708E0A258BE0141504BEB
                                                                                SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                                                                                SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                                                                                SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                                                                                Malicious:false
                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):3784
                                                                                Entropy (8bit):5.17620120701776
                                                                                Encrypted:false
                                                                                SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                                                                                MD5:4287D97616F708E0A258BE0141504BEB
                                                                                SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                                                                                SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                                                                                SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                                                                                Malicious:false
                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:GIF image data, version 89a, 320 x 139
                                                                                Category:dropped
                                                                                Size (bytes):8590
                                                                                Entropy (8bit):7.910688771816331
                                                                                Encrypted:false
                                                                                SSDEEP:192:91m4OqvVyG+LMIcBc2qPjHmxJCCG/h97dIYhOX:9/OqdivcqzjH3tfDE
                                                                                MD5:249053609EAF5B17DDD42149FC24C469
                                                                                SHA1:20E7AEC75F6D036D504277542E507EB7DC24AAE8
                                                                                SHA-256:113B01304EBBF3CC729A5CA3452DDA2093BD8B3DDC2BA29E5E1C1605661F90BE
                                                                                SHA-512:9C04A20E2FA70E4BCFAC729E366A0802F6F5167EA49475C2157C8E2741C4E4B8452D14C75F67906359C12F1514F9FB7E9AF8E736392AC8434F0A5811F7DDE0CB
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:GIF image data, version 89a, 640 x 278
                                                                                Category:dropped
                                                                                Size (bytes):15276
                                                                                Entropy (8bit):7.949850025334252
                                                                                Encrypted:false
                                                                                SSDEEP:192:onqkbSDLFgIBL0IgyZCE/oIuuemXclVO/HemZ8GbRdziHm6tIclW3ZYvvebtssZn:lKMLWkpgy8sdsnOmEyPLaYoauAdI
                                                                                MD5:CB81FED291361D1DD745202659857B1B
                                                                                SHA1:0AE4A5BDA2A6D628FAC51462390B503C99509FDC
                                                                                SHA-256:9DD5CCD6BDFDAAD38F7D05A14661108E629FDD207FC7776268B566F7941E1435
                                                                                SHA-512:4A383107AC2D642F4EB63EE7E7E85A8E2F63C67B41CA55EBAE56B52CECFE8A301AAF14E6536553CBC3651519DB5C10FC66588C84C9840D496F5AE980EF2ED2B9
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:GIF image data, version 89a, 320 x 139
                                                                                Category:dropped
                                                                                Size (bytes):7805
                                                                                Entropy (8bit):7.877495465139721
                                                                                Encrypted:false
                                                                                SSDEEP:96:S88k2wenvMs3iHrSI3yy73VWOcaJpGvrrXqJBcqgbf5bD0jmzDBoqCN2IWsyh:SFHhs73n73V4airrXq41Ll3vBmN2YU
                                                                                MD5:9E8F541E6CEBA93C12D272840CC555F8
                                                                                SHA1:8DEF364E07F40142822DF84B5BB4F50846CB5E4E
                                                                                SHA-256:C5578AC349105DE51C1E9109D22C7843AAB525C951E312700C73D5FD427281B9
                                                                                SHA-512:2AB06CAE68DEC9D92B66288466F24CC25505AF954FA038748D6F294D1CFFB72FCC7C07BA8928001D6C487D1BF71FE0AF1B1AA0F35120E5F6B1B2C209BA596CE2
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:GIF image data, version 89a, 640 x 278
                                                                                Category:dropped
                                                                                Size (bytes):12250
                                                                                Entropy (8bit):7.901446927123525
                                                                                Encrypted:false
                                                                                SSDEEP:192:Zzv4QPei/ueMFJ2M4xSGb/xGEyddpTa7Kv9I1BDc3KR3q6xmwJePYueHjAPZKGMr:5vTWvmxSGbkpTaYe1dc3KR3q7wJsOHmu
                                                                                MD5:3FE2013854A5BDAA488A6D7208D5DDD3
                                                                                SHA1:D2BFF9BBF7920CA743B81A0EE23B0719B4D057CA
                                                                                SHA-256:FC39D09D187739E580E47569556DE0D19AF28B53DF5372C7E0538FD26EDB7988
                                                                                SHA-512:E3048E8E0C22F6B200E5275477309083AA0435C0F33D1994C10CE65A52F357EE7CF7081F85C00876F438DFA1EE59B542D602287EC02EA340BFDF90C0C6ABD548
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):187736
                                                                                Entropy (8bit):7.79606817499301
                                                                                Encrypted:false
                                                                                SSDEEP:3072:9Mxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBgvH6:ONduOJv29amxGiDtonI87aGBgva
                                                                                MD5:13794986CA59819F6AF7BD70022D7F8F
                                                                                SHA1:6C5609CD023EB001DC82F1E989D535CD7AD407EE
                                                                                SHA-256:AF555DD438214DCD68D55EBDDCC0A05BF47DEF0EFD9920E3955D11CC2623628E
                                                                                SHA-512:2E3C4E76FD911EFF5F6983D6D7FBB0F998E5FB0BFE11921A83AC9F19BFB0C28B157354F1AC790094C354845025AB42F5A921FDDF2A780497431F3912D7D3E518
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):187727
                                                                                Entropy (8bit):7.7958934328326075
                                                                                Encrypted:false
                                                                                SSDEEP:3072:aMxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBPlHl:nNduOJv29amxGiDtonI87aGBPlF
                                                                                MD5:82C16750374D5CCA5FDAA9434BAF8143
                                                                                SHA1:9B49F07BFB6F4AE73EB9B2FADCAE46E02E31F023
                                                                                SHA-256:1F0966EBD65544669395E9F490A3D397DCF122D5261566734BB422C68CFE64B8
                                                                                SHA-512:12A32FBE2A0A824EC33BD6D0A22066C0CB74D13EEBC16622FFE420CD48B4EB5878C981384DEBE30285D6231B3224E5CD2380C22D8C18624E52E5C74B62221661
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):3860522
                                                                                Entropy (8bit):7.9670916513081735
                                                                                Encrypted:false
                                                                                SSDEEP:98304:PI1SwP9utPgTIb0bxSxwF1nNZVdEILeH9IIyYNO4Inwz:PI1HYgkoxSxI9fs4UVIwz
                                                                                MD5:AE86774D28F1C8270A9BCBD12A9A1865
                                                                                SHA1:7806C70550F435C2C87D2D15E427E5A9F97774E4
                                                                                SHA-256:0402FBCB23D381DEDE4DF4228F2D100D8693C5B3BAB885AB5EB98BCC0A269786
                                                                                SHA-512:2EA1E0372A087915FFFCCA2DEFC817C37BD038B02824BFEC1DA4E881A4C908A93AEB37DAA38840F75BCEAFD02EC09088FE648B0305DA0407E93407EAC770BE63
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):8286
                                                                                Entropy (8bit):7.790619326925194
                                                                                Encrypted:false
                                                                                SSDEEP:192:tX5jIgU7WbMCc0XmHTEIWB7EH+mqcEb+wYtvEmkbKdG:tXZU7WbMoWTFWBAH+BCrEmkh
                                                                                MD5:7FA7F97FA1CC0CC8ACC37B9DAE4464AE
                                                                                SHA1:C143646A6DBE2EBDB1FBF69C09793E7F07DBC1F5
                                                                                SHA-256:36820223C5B9A225DC3FF7C1C3930BDB112F1D9AAB2BEE954FF1A1C1828E2C54
                                                                                SHA-512:AD9A0E358BE7A765B4A554E6BBE35BDD61A52BCAC9F21915D84C2A1929780150DFDCF0E43121D0E844082B1BB92873ED848ACF9B38FF3C7D826E5D0F5D32C26C
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):44516
                                                                                Entropy (8bit):7.905075370162141
                                                                                Encrypted:false
                                                                                SSDEEP:768:2YVL1eqfgKbWnXuZ/QvfBPJr+A6tkZQnWn109KqM9jE4z:2KL1eWgfnXuEfJQAdQnWn10kqg3z
                                                                                MD5:1A33FF1FDD789E655D5E2E99E9E719BD
                                                                                SHA1:AE88E6000EBD7F547E3C047FC81AE1F65016B819
                                                                                SHA-256:A23A9A653A261C640703B42839137F8C4BF7650665E62DBDD7D538171BD72516
                                                                                SHA-512:0451393D805414D6633824F3D18B609F7495324FAB56DF4330E874A8995BD9E0DA567D77DB682D7FD1544CD7E6A3D10745C23DB575035E391B02D6EE4C4362FD
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):18192143
                                                                                Entropy (8bit):5.977388717447885
                                                                                Encrypted:false
                                                                                SSDEEP:49152:ZxJ9lXlkEhZWLyyQSgxv1/FGfnIWkRXe2p0F7tjRozGfVgMS55pU13JbL5xli3d6:ZhLk2bBSgnFGfnhAXLzAeylvi3dGT
                                                                                MD5:042B3675517D6A637B95014523B1FD7D
                                                                                SHA1:82161CAF5F0A4112686E4889A9E207C7BA62A880
                                                                                SHA-256:A570F20F8410F9B1B7E093957BF0AE53CAE4731AFAEA624339AA2A897A635F22
                                                                                SHA-512:7672D0B50A92E854D3BD3724D01084CC10A90678B768E9A627BAF761993E56A0C6C62C19155649FE9A8CEEABF845D86CBBB606554872AE789018A8B66E5A2B35
                                                                                Malicious:false
                                                                                Preview:PK...........H................META-INF/....PK...........H..>.g...g.......META-INF/MANIFEST.MFManifest-Version: 1.0..Ant-Version: Apache Ant 1.8.2..Created-By: 1.8.0_40-b27 (Oracle Corporation)....PK..........H................com/PK..........H................com/sun/PK........j..H................com/sun/deploy/PK........j..H................com/sun/deploy/uitoolkit/PK........j..H................com/sun/deploy/uitoolkit/impl/PK...........H............!...com/sun/deploy/uitoolkit/impl/fx/PK...........H............$...com/sun/deploy/uitoolkit/impl/fx/ui/PK...........H................com/sun/deploy/uitoolkit/impl/fx/ui/resources/PK...........H............4...com/sun/deploy/uitoolkit/impl/fx/ui/resources/image/PK........}..H................com/sun/glass/PK...........H................com/sun/glass/events/PK...........H................com/sun/glass/ui/PK...........H................com/sun/glass/ui/delegate/PK...........H................com/sun/glass/ui/win/PK..........H................com/su
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):1178848
                                                                                Entropy (8bit):7.964832897711047
                                                                                Encrypted:false
                                                                                SSDEEP:12288:qLvFVMHxMyEg7+dYmx0nqEdgq2C942bjAHcOveMdDLtHHicwqJM5SznKMWKdk/H2:cF9rYmxQ5tOcOdFwqSYzn0DfYHs4jOBK
                                                                                MD5:24857AD811CEDA70BD0F087FD28B5B6E
                                                                                SHA1:707305EB10B1464D40BDEABADE77B80B984A621A
                                                                                SHA-256:321D646AD29A5B180CA98BB49E81C2C732523B7E5145A3C568766CEC06B2B1CD
                                                                                SHA-512:A10A340BDB2DE2D0D14ED804F04313D1D4CBD64EF0513A9E54B7FA95FFB05F2123C9095A4B2BFFA4DDF3ADEA9A67E978D26D115A8F5677AE1BD0EE67C416FA5A
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):1511
                                                                                Entropy (8bit):5.142622776492157
                                                                                Encrypted:false
                                                                                SSDEEP:24:EV677x6CFRf08P86xX+4jz98ht4QLlJVzDOFw5DOFFVzDOFvVzDOFz5qlV/FRARV:EE796OfT0OZjzGs6lDitfitigXFqX6Kp
                                                                                MD5:77ABE2551C7A5931B70F78962AC5A3C7
                                                                                SHA1:A8BB53A505D7002DEF70C7A8788B9A2EA8A1D7BC
                                                                                SHA-256:C557F0C9053301703798E01DC0F65E290B0AE69075FB49FCC0E68C14B21D87F4
                                                                                SHA-512:9FE671380335804D4416E26C1E00CDED200687DB484F770EBBDB8631A9C769F0A449C661CB38F49C41463E822BEB5248E69FD63562C3D8C508154C5D64421935
                                                                                Malicious:false
                                                                                Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..! access-bridge-32.jar..com/sun/java/accessibility/..! access-bridge.jar..com/sun/java/accessibility/..! cldrdata.jar..sun/text..sun/util..# dnsns.jar..META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor..sun/net..! jaccess.jar..com/sun/java/accessibility/..# localedata.jar..sun/text..sun/util..# nashorn.jar..jdk/nashorn..META-INF/services/javax.script.ScriptEngineFactory..jdk/internal..# sunec.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunjce_provider.jar..com/sun/crypto/..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunmscapi.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunpkcs11.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# zipfs.jar..META-INF/services/java.nio.file.spi.FileSystemProvider..com/sun/nio/..# jfxrt.jar..META-INF/INDEX.LIST..com/sun
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):2018860
                                                                                Entropy (8bit):7.9328569913001905
                                                                                Encrypted:false
                                                                                SSDEEP:49152:fBkB7GOrPDSz0fHaIU1KDWtHkLs0amlyYu:fBkoOruSHa/4y/FmA
                                                                                MD5:F3E3E7769994C69DFF6E35EF938443CA
                                                                                SHA1:758F42C0A03121AD980DC98BE82DCAF790679E79
                                                                                SHA-256:CF0268FF39D19876BD42BF59E2CE93BB9AA57E5EE98C212BAE0184BD87F2D35A
                                                                                SHA-512:AB4801E8538B9B84124D2B8C36E64232F16DA686C5FA565C5DE2091C910806A850464F5CCC79C9320DF6F8CB943633FC38FEA63F9E0593A44E3541F15F126951
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):39771
                                                                                Entropy (8bit):7.92713480980539
                                                                                Encrypted:false
                                                                                SSDEEP:768:ah0EOq/w9b3jpSo40ROLB2CUrQbNVkJBtw6pcZWztpQeA4Uz7NWnZVNB3gX083/z:aJOyw9b3joo4hLB2CUr2yBw6pcMtpS44
                                                                                MD5:A269905BBB9F7D02BAA24A756E7B09D7
                                                                                SHA1:82A0F9C5CBC2B79BDB6CFE80487691E232B26F9C
                                                                                SHA-256:E2787698D746DC25C24D3BE0FA751CEA6267F68B4E972CFC3DF4B4EAC8046245
                                                                                SHA-512:496841CF49E2BF4EB146632F7D1F09EFA8F38AE99B93081AF4297A7D8412B444B9F066358F0C110D33FEA6AE60458355271D8FDCD9854C02EFB2023AF5F661F6
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):279427
                                                                                Entropy (8bit):7.90277234368113
                                                                                Encrypted:false
                                                                                SSDEEP:3072:E/Ieog0SgEOU8pqHbQpr16jWun5bT1aReAaTFMzpx2Xcpll+PrA3YaRBlLi:E/m9eJsppCLJTURe9TFMrQ0fkUK
                                                                                MD5:B04074A9FC78DC1409168E1E2D139647
                                                                                SHA1:54182C904A48364FC572E3A2631DF14823C29CEF
                                                                                SHA-256:BFAD3FB11E7115AAF34719488551BF3205B2FAFFB38681C7F6BDAD19BB7568C2
                                                                                SHA-512:E97CA3D53E867E957BF467688F83C53B2FD6FF1EA001B19F03A23096581DC8ADCEC7C1403D164D063B1A437E4BF6FA98E1543626849D4E17E31156CB012F9599
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):32699
                                                                                Entropy (8bit):7.878192531974338
                                                                                Encrypted:false
                                                                                SSDEEP:768:iLy1giOqjU0jNVmOTuDQJD/RpAczsikFfg0y+7aBTS73dyPoXvvKv2PtvHubyKhi:i4giOaU0jNVmOCADZpVsiUf3yua5S7t7
                                                                                MD5:2249EAC4F859C7BC578AFD2F7B771249
                                                                                SHA1:76BA0E08C6B3DF9FB1551F00189323DAC8FC818C
                                                                                SHA-256:A0719CAE8271F918C8613FEB92A7591D0A6E7D04266F62144B2EAB7844D00C75
                                                                                SHA-512:DB5415BC542F4910166163F9BA34BC33AF1D114A73D852B143B2C3E28F59270827006693D6DF460523E26516CAB351D2EE3F944D715AE86CD12D926D09F92454
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):250826
                                                                                Entropy (8bit):7.951088517189604
                                                                                Encrypted:false
                                                                                SSDEEP:6144:dKtThM4XbBG7v3jUAbE0MEIynrI25ENN/kv1Pv:dKphM4X1G7PjlbE0MxHLbC
                                                                                MD5:2E33D8F1FBEB9239C6FFC0D36DE772D1
                                                                                SHA1:3F881E3B34693A96CD3D9E20D6AEABAE98757359
                                                                                SHA-256:938C497E97E893D0B9325522475AD9FB2C365A4AF832ED180B570C3E4E6FD559
                                                                                SHA-512:DB9A5B0F269BBFC9CB712D8BF170414D649CD72F0DEECCDC3A4D742430E2E29E203F7E462D2DF8F9EC2C82723A8A56FF8FD409CDCBE66547C798B15370B8DB65
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):68923
                                                                                Entropy (8bit):7.950933538093809
                                                                                Encrypted:false
                                                                                SSDEEP:1536:YNSe2yN5DbD630l1MIeEfqjGWb2LU2j6rnbisZp/u:Ne2yNhDVl1leEP/qn2sZk
                                                                                MD5:4D507E8D7BBF5ECEC8791CBA57B1CE17
                                                                                SHA1:A66C0D4648A06B9078252D090D596C91C591AA50
                                                                                SHA-256:C3993DF765AFF1068A656B28A7A4EDFFE7710AE3B6AA2EA056A6F9C3EDBDC210
                                                                                SHA-512:21B4E729B16947B31657DC5F7F5C75DCDA9F94B4A0ED414E11A6D02951137AC266D605855DDDA7C21BE0200EA07530962D1ECE2FAE009EAE5F2A1A365195C995
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):4005
                                                                                Entropy (8bit):4.909684349537555
                                                                                Encrypted:false
                                                                                SSDEEP:96:5Th0S7zmtRUioj/DUXBZZjM8mcWoe+YfVktH:5h0Iz6Uioj/YXLZjnmdoeDktH
                                                                                MD5:B0CE9F297D3FEC6325C0C784072908F1
                                                                                SHA1:DD778A0E5417B9B97187215FFC66D4C14F95FEF0
                                                                                SHA-256:6DA00C1CBE02909DCD6A75DA51D25DBF49BFD1D779C0B8E57B12E757229FC4A8
                                                                                SHA-512:4C774BCB9ADE996569C86DD46B3BDB046771AD1BCF9AABB9DB86854C83E18015CBE5DF73DA86EE98E26BA0393F548B1CC09DE60BDA4248EACC4FC833E23B8AB4
                                                                                Malicious:false
                                                                                Preview:#..# This properties file is used to initialize the default..# java.awt.datatransfer.SystemFlavorMap. It contains the Win32 platform-..# specific, default mappings between common Win32 Clipboard atoms and platform-..# independent MIME type strings, which will be converted into..# java.awt.datatransfer.DataFlavors...#..# These default mappings may be augmented by specifying the..#..# AWT.DnD.flavorMapFileURL ..#..# property in the appropriate awt.properties file. The specified properties URL..# will be loaded into the SystemFlavorMap...#..# The standard format is:..#..# <native>=<MIME type>..#..# <native> should be a string identifier that the native platform will..# recognize as a valid data format. <MIME type> should specify both a MIME..# primary type and a MIME subtype separated by a '/'. The MIME type may include..# parameters, where each parameter is a key/value pair separated by '=', and..# where each parameter to the MIME type is separated by a ';'...#..# Because SystemFla
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:raw G3 (Group 3) FAX
                                                                                Category:dropped
                                                                                Size (bytes):3670
                                                                                Entropy (8bit):4.40570512634857
                                                                                Encrypted:false
                                                                                SSDEEP:96:IRsY7hGbXWvaBKvKY5csW4BxciETBT5Bxrws+LW/B56JF:At/vaBKvKY5fxci8jMWY
                                                                                MD5:E0E5428560288E685DBFFC0D2776D4A6
                                                                                SHA1:2AE70624762C163C8A1533F724AA5A511D8B208E
                                                                                SHA-256:AAE23ACC42F217A63D675F930D077939765B97E9C528B5659842515CA975111F
                                                                                SHA-512:C726CC2898399579AFA70ACACE86BEC4369D4541112243E51721568B4D25DCC6C66FA64AC475AFF9BA9DE07A630B24A9F221FA00426AD36845203BA809219E3C
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):10779
                                                                                Entropy (8bit):5.217016051711063
                                                                                Encrypted:false
                                                                                SSDEEP:192:Pj2TlKg7RzPc/mOHUFN5HX/rS8QbWZjjfVpMbtxp8lcR9NN:Pj6Y8NcFzXbWZjj9pSMlcz
                                                                                MD5:0C1DB7410938A3634BD9928BA2F284CB
                                                                                SHA1:7EE31F22136E73A2A3D0AAB279199778BAAB06F5
                                                                                SHA-256:818A718788E5506EBB84F26DE82B6C60E08861876400E9ED3931346174D5D7FB
                                                                                SHA-512:EE267E59564A077713856A307382D40D0D8DF8E7EC2EF930723B076F5E38446D3B2600D10AC192262F9A3A86D9973CF13A9E90D180818C05A6C7896A5BD7AD19
                                                                                Malicious:false
                                                                                Preview:#..# ..# Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....# Version....version=1....# Component Font Mappings....allfonts.chinese-ms936=SimSun..allfonts.chinese-ms936-extb=SimSun-ExtB..allfonts.chinese-gb18030=SimSun-18030..allfonts.chinese-gb18030-extb=SimSun-ExtB..allfonts.chinese-hkscs=MingLiU_HKSCS..allfonts.chinese-ms950-extb=MingLiU-ExtB..allfonts.devanagari=Mangal..allfonts.dingbats=Wingdings..allfonts.lucida=Lucida Sans Regular..allfonts.symbol=Symbol..allfonts.thai=Lucida Sans Regular..allfonts.georgian=Sylfaen....serif.plain.alphabetic=Times New Roman..serif.plain.chinese-ms950=MingLiU..serif.plain.chinese-ms950-extb=MingLiU-ExtB..serif.plain.hebrew=David..serif.plain.japanese=MS Mincho..serif.plain.korean=Batang....serif.bold.alphabetic=Times New Roman Bold..serif.bold.chinese-ms950=PMingLiU..serif.bold.chinese-ms9
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,422.Lucida BrightDemiboldLucida Bright Dem
                                                                                Category:dropped
                                                                                Size (bytes):75144
                                                                                Entropy (8bit):6.849420541001734
                                                                                Encrypted:false
                                                                                SSDEEP:768:H8Jwt1GIlZ6l0/9tRWhc0x/YxvsTjyIDXCrGU/tlDaKAgKrTLznvzDJIZmjFA0zG:Mwtze9xQcQ/LDaKAgK3LLvzFogbFt5WD
                                                                                MD5:AF0C5C24EF340AEA5CCAC002177E5C09
                                                                                SHA1:B5C97F985639E19A3B712193EE48B55DDA581FD1
                                                                                SHA-256:72CEE3E6DF72AD577AF49C59DCA2D0541060F95A881845950595E5614C486244
                                                                                SHA-512:6CE87441E223543394B7242AC0CB63505888B503EC071BBF7DB857B5C935B855719B818090305E17C1197DE882CCC90612FB1E0A0E5D2731F264C663EB8DA3F9
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc.Lucida BrightDemibold ItalicLucida Bright Demibold Itali
                                                                                Category:dropped
                                                                                Size (bytes):75124
                                                                                Entropy (8bit):6.805969666701276
                                                                                Encrypted:false
                                                                                SSDEEP:1536:lww80sTGzcKHwxWL0T+qHi/sbA06PoNORsr5sOnD0OyuusGa7bs4J:lwL0i97WL0T+qHA9cOR05FD0Oyup74w
                                                                                MD5:793AE1AB32085C8DE36541BB6B30DA7C
                                                                                SHA1:1FD1F757FEBF3E5F5FBB7FBF7A56587A40D57DE7
                                                                                SHA-256:895C5262CDB6297C13725515F849ED70609DBD7C49974A382E8BBFE4A3D75F8C
                                                                                SHA-512:A92ADDD0163F6D81C3AEABD63FF5C293E71A323F4AEDFB404F6F1CDE7F84C2A995A30DFEC84A9CAF8FFAF8E274EDD0D7822E6AABB2B0608696A360CABFC866C6
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,773.Lucida BrightItalicLucida Bright Itali
                                                                                Category:dropped
                                                                                Size (bytes):80856
                                                                                Entropy (8bit):6.821405620058844
                                                                                Encrypted:false
                                                                                SSDEEP:1536:jw9ESkPFybxWj1V7zbPUoOPjp85rFqXpLboVklDNTc2Wt:jwZO0xWPTU7l85rFYpLbott
                                                                                MD5:4D666869C97CDB9E1381A393FFE50A3A
                                                                                SHA1:AA5C037865C563726ECD63D61CA26443589BE425
                                                                                SHA-256:D68819A70B60FF68CA945EF5AD358C31829E43EC25024A99D17174C626575E06
                                                                                SHA-512:1D1F61E371E4A667C90C2CE315024AE6168E47FE8A5C02244DBF3DF26E8AC79F2355AC7E36D4A81D82C52149197892DAED1B4C19241575256BB4541F8B126AE2
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,421.Lucida BrightRegularLucida Bright Regu
                                                                                Category:dropped
                                                                                Size (bytes):344908
                                                                                Entropy (8bit):6.939775499317555
                                                                                Encrypted:false
                                                                                SSDEEP:6144:oBfQeUG2CCTufrmOufymM8hvFHp277tS9iZFYSATxNm:oNQ3vCCTcaFNJw7tSgYS82
                                                                                MD5:630A6FA16C414F3DE6110E46717AAD53
                                                                                SHA1:5D7ED564791C900A8786936930BA99385653139C
                                                                                SHA-256:0FAAACA3C730857D3E50FBA1BBAD4CA2330ADD217B35E22B7E67F02809FAC923
                                                                                SHA-512:0B7CDE0FACE982B5867AEBFB92918404ADAC7FB351A9D47DCD9FE86C441CACA4DD4EC22E36B61025092220C0A8730D292DA31E9CAFD7808C56CDBF34ECD05035
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 19 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansDemiboldLucida Sa
                                                                                Category:dropped
                                                                                Size (bytes):317896
                                                                                Entropy (8bit):6.869598480468745
                                                                                Encrypted:false
                                                                                SSDEEP:6144:R5OO1ZjNDE7/MsTJ30otegK4zJwz3UhG5jXsrg2HLzYv7cf0R7o7+WX/ov2DG:bOO11CEo9xzJwljXsrhHQ7cMuX/16
                                                                                MD5:5DD099908B722236AA0C0047C56E5AF2
                                                                                SHA1:92B79FEFC35E96190250C602A8FED85276B32A95
                                                                                SHA-256:53773357D739F89BC10087AB2A829BA057649784A9ACBFFEE18A488B2DCCB9EE
                                                                                SHA-512:440534EB2076004BEA66CF9AC2CE2B37C10FBF5CC5E0DD8B8A8EDEA25E3613CE8A59FFCB2500F60528BBF871FF37F1D0A3C60396BC740CCDB4324177C38BE97A
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:TrueType Font data, 18 tables, 1st "GDEF", 19 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansRegularLucida Sans Regu
                                                                                Category:dropped
                                                                                Size (bytes):698236
                                                                                Entropy (8bit):6.892888039120645
                                                                                Encrypted:false
                                                                                SSDEEP:12288:6obn11t7t7DxT+3+OQ64cctiOAq12ZX/DmfT6R83Sd8uvx7wSnyER4ky+SH/KPKQ:6oTJZzHniOAZ783Sd8uvx7wSnyER4kyI
                                                                                MD5:B75309B925371B38997DF1B25C1EA508
                                                                                SHA1:39CC8BCB8D4A71D4657FC92EF0B9F4E3E9E67ADD
                                                                                SHA-256:F8D877B0B64600E736DFE436753E8E11ACB022E59B5D7723D7D221D81DC2FCDE
                                                                                SHA-512:9C792EF3116833C90103F27CFD26A175AB1EB11286959F77062893A2E15DE44D79B27E5C47694CBBA734CC05A9A5BEFA72E991C7D60EAB1495AAC14C5CAD901D
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc.Lucida Sans TypewriterBoldLucida Sans Typewrite
                                                                                Category:dropped
                                                                                Size (bytes):234068
                                                                                Entropy (8bit):6.901545053424004
                                                                                Encrypted:false
                                                                                SSDEEP:6144:3BPS7w5KIMtYwqcO3GbA4MJcs2ME9UGQ2n9gM/oD:xVMtgcGGPMJcs4b9gM/4
                                                                                MD5:A0C96AA334F1AEAA799773DB3E6CBA9C
                                                                                SHA1:A5DA2EB49448F461470387C939F0E69119310E0B
                                                                                SHA-256:FC908259013B90F1CBC597A510C6DD7855BF9E7830ABE3FC3612AB4092EDCDE2
                                                                                SHA-512:A43CF773A42B4CEBF4170A6C94060EA2602D2D7FA7F6500F69758A20DC5CC3ED1793C7CEB9B44CE8640721CA919D2EF7F9568C5AF58BA6E3CF88EAE19A95E796
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc.Lucida Sans TypewriterRegularLucida Sans Typewriter R
                                                                                Category:dropped
                                                                                Size (bytes):242700
                                                                                Entropy (8bit):6.936925430880877
                                                                                Encrypted:false
                                                                                SSDEEP:3072:VwzZsJcCrn271g+UGFDUnrrHqMyBtlc3+fzx5R1zeqZdDgfSkecUfEDpEXzSyPMx:GWcCrn2C46Ak+naqaucYEDpEX3gZoO9
                                                                                MD5:C1397E8D6E6ABCD727C71FCA2132E218
                                                                                SHA1:C144DCAFE4FAF2E79CFD74D8134A631F30234DB1
                                                                                SHA-256:D9D0AAB0354C3856DF81AFAC49BDC586E930A77428CB499007DDE99ED31152FF
                                                                                SHA-512:DA70826793C7023E61F272D37E2CC2983449F26926746605C550E9D614ACBF618F73D03D0C6351B9537703B05007CD822E42E6DC74423CB5CC736B31458D33B1
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):14331
                                                                                Entropy (8bit):3.512673497574481
                                                                                Encrypted:false
                                                                                SSDEEP:96:W6Zh/3dzz8XIrN2r1CdaqRWtHwBWgvw0Jy/ArUsJzu0HI:W6jhGIwxCdaqWQBWgvw0JyorBJzu0o
                                                                                MD5:6E378235FB49F30C9580686BA8A787AA
                                                                                SHA1:2FC76D9D615A35244133FC01AB7381BA49B0B149
                                                                                SHA-256:B4A0C0A98624C48A801D8EA071EC4A3D582826AC9637478814591BC6EA259D4A
                                                                                SHA-512:58558A1F8D9D3D6F0E21B1269313FD6AC9A80A93CC093A5E8CDEC495855FCD2FC95A6B54FE59E714E89D9274654BB9C1CD887B3FB9D4B9D9C50E5C5983C571B8
                                                                                Malicious:false
                                                                                Preview:# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# This properties file defines a Hijrah calendar variant...#..# Fields:..#..# <version> ::= 'version' '=' <version string>..# <id> ::= 'id' '=' <id string>..# <type> ::= 'type' '=' <type string>..# <iso-start> ::= 'iso-start' '=' <start date in the ISO calendar>..# <year> ::= <yyyy> '=' <nn nn nn nn nn nn nn nn nn nn nn nn>..#..# version ... (Required)..#..# id ... (Required)..# Identifies the Java Chronology..#..# type ... (Required)..# Identifies the type of calendar in the standard calendar ID scheme..# iso-start ... (Required)..# Specifies the corresponding ISO date to the first Hijrah day..# in the defined range of dates..#..# year ... (Required)..# Number of days for each month of a Hijrah year..# * Each line defines a ye
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):657
                                                                                Entropy (8bit):4.993355967240905
                                                                                Encrypted:false
                                                                                SSDEEP:12:QcwmIzDpneoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoe9B7aEiwoXH3Eoe4Q:QhDpemaoXHIB5foMS1JUqf07f
                                                                                MD5:9FD47C1A487B79A12E90E7506469477B
                                                                                SHA1:7814DF0FF2EA1827C75DCD73844CA7F025998CC6
                                                                                SHA-256:A73AEA3074360CF62ADEDC0C82BC9C0C36C6A777C70DA6C544D0FBA7B2D8529E
                                                                                SHA-512:97B9D4C68AC4B534F86EFA9AF947763EE61AEE6086581D96CBF7B3DBD6FD5D9DB4B4D16772DCE6F347B44085CEF8A6EA3BFD3B84FBD9D4EF763CEF39255FBCE3
                                                                                Malicious:false
                                                                                Preview:# Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# List of JVMs that can be used as an option to java, javac, etc...# Order is important -- first in this list is the default JVM...# NOTE that this both this file and its format are UNSUPPORTED and..# WILL GO AWAY in a future release...#..# You may also select a JVM in an arbitrary location with the..# "-XXaltjvm=<jvm_dir>" option, but that too is unsupported..# and may not be available in a future release...#..-client KNOWN..-server KNOWN..
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):1320
                                                                                Entropy (8bit):5.02145006262851
                                                                                Encrypted:false
                                                                                SSDEEP:24:n3lG0Bf4dJ0qEAmG620WKG0WBph8T2AGjGg0kz8lrbfOi7:3E0Bf4qrzrlWzy+ckUfP
                                                                                MD5:01B94C63BD5E6D094E84FF3AD640FFBF
                                                                                SHA1:5570F355456250B1EC902375B0257584DB2360AE
                                                                                SHA-256:52845DEB58038B4375C30B75DD2053726872758C96597C7CC5D6CEF11F42A2BA
                                                                                SHA-512:816BE2271CF3ECF10EE40E24A288CE302B2810010BEF76EFC0CE5746591955921B70F19005335F485D61A7B216DCCE0B06750831720DD426D07709154D5FAC7A
                                                                                Malicious:false
                                                                                Preview:#..#..# Cursors Properties file..#..# Names GIF89 sources for Custom Cursors and their associated HotSpots..#..# Note: the syntax of the property name is significant and is parsed..# by java.awt.Cursor..#..# The syntax is: Cursor.<name>.<geom>.File=win32_<filename>..# Cursor.<name>.<geom>.HotSpot=<x>,<y>..#. Cursor.<name>.<geom>.Name=<localized name>..#..Cursor.CopyDrop.32x32.File=win32_CopyDrop32x32.gif..Cursor.CopyDrop.32x32.HotSpot=0,0..Cursor.CopyDrop.32x32.Name=CopyDrop32x32..#..Cursor.MoveDrop.32x32.File=win32_MoveDrop32x32.gif..Cursor.MoveDrop.32x32.HotSpot=0,0..Cursor.MoveDrop.32x32.Name=MoveDrop32x32..#..Cursor.LinkDrop.32x32.File=win32_LinkDrop32x32.gif..Cursor.LinkDrop.32x32.HotSpot=0,0..Cursor.LinkDrop.32x32.Name=LinkDrop32x32..#..Cursor.CopyNoDrop.32x32.File=win32_CopyNoDrop32x32.gif..Cursor.CopyNoDrop.32x32.HotSpot=6,2..Cursor.CopyNoDrop.32x32.Name=CopyNoDrop32x32..#..Cursor.MoveNoDrop.32x32.File=win32_MoveNoDrop32x32.gif..Cursor.MoveNoDrop.32x32.Ho
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:GIF image data, version 89a, 32 x 32
                                                                                Category:dropped
                                                                                Size (bytes):153
                                                                                Entropy (8bit):6.2813106319833665
                                                                                Encrypted:false
                                                                                SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:GIF image data, version 89a, 31 x 32
                                                                                Category:dropped
                                                                                Size (bytes):165
                                                                                Entropy (8bit):6.347455736310776
                                                                                Encrypted:false
                                                                                SSDEEP:3:CruuU/XExlHrBwM7Qt/wCvTjh2Azr8ptBNKtWwUzJ7Ful5u44JyYChWn:KP0URwMcx3UAzADBNwUlBul5TLYMWn
                                                                                MD5:89CDF623E11AAF0407328FD3ADA32C07
                                                                                SHA1:AE813939F9A52E7B59927F531CE8757636FF8082
                                                                                SHA-256:13C783ACD580DF27207DABCCB10B3F0C14674560A23943AC7233DF7F72D4E49D
                                                                                SHA-512:2A35311D7DB5466697D7284DE75BABEE9BD0F0E2B20543332FCB6813F06DEBF2457A9C0CF569449C37F371BFEB0D81FB0D219E82B9A77ACC6BAFA07499EAC2F7
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:GIF image data, version 89a, 32 x 32
                                                                                Category:dropped
                                                                                Size (bytes):153
                                                                                Entropy (8bit):6.2813106319833665
                                                                                Encrypted:false
                                                                                SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:GIF image data, version 89a, 31 x 32
                                                                                Category:dropped
                                                                                Size (bytes):168
                                                                                Entropy (8bit):6.465243369905675
                                                                                Encrypted:false
                                                                                SSDEEP:3:CruuU/XExlHrZauowM7Qt/wCvTjh2Azr8ptBNKtWwUzJZmQYRNbC1MIQvEn:KP0UpawMcx3UAzADBNwUlZaCzn
                                                                                MD5:694A59EFDE0648F49FA448A46C4D8948
                                                                                SHA1:4B3843CBD4F112A90D112A37957684C843D68E83
                                                                                SHA-256:485CBE5C5144CFCD13CC6D701CDAB96E4A6F8660CBC70A0A58F1B7916BE64198
                                                                                SHA-512:CF2DFD500AF64B63CC080151BC5B9DE59EDB99F0E31676056CF1AFBC9D6E2E5AF18DC40E393E043BBBBCB26F42D425AF71CCE6D283E838E67E61D826ED6ECD27
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:GIF image data, version 89a, 32 x 32
                                                                                Category:dropped
                                                                                Size (bytes):153
                                                                                Entropy (8bit):6.2813106319833665
                                                                                Encrypted:false
                                                                                SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:GIF image data, version 89a, 31 x 32
                                                                                Category:dropped
                                                                                Size (bytes):147
                                                                                Entropy (8bit):6.147949937659802
                                                                                Encrypted:false
                                                                                SSDEEP:3:CruuU/XExlHrSauZKwM7Qt/wCvTjh2Azr8ptBNKtWXOh6WoXt2W:KP0UvEKwMcx3UAzADBNXOh6h9p
                                                                                MD5:CC8DD9AB7DDF6EFA2F3B8BCFA31115C0
                                                                                SHA1:1333F489AC0506D7DC98656A515FEEB6E87E27F9
                                                                                SHA-256:12CFCE05229DBA939CE13375D65CA7D303CE87851AE15539C02F11D1DC824338
                                                                                SHA-512:9857B329ACD0DB45EA8C16E945B4CFA6DF9445A1EF457E4B8B40740720E8C658301FC3AB8BDD242B7697A65AE1436FD444F1968BD29DA6A89725CDDE1DE387B8
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:GIF image data, version 89a, 32 x 32
                                                                                Category:dropped
                                                                                Size (bytes):153
                                                                                Entropy (8bit):6.2813106319833665
                                                                                Encrypted:false
                                                                                SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):58
                                                                                Entropy (8bit):4.4779965120705425
                                                                                Encrypted:false
                                                                                SSDEEP:3:CEBqRM9LTAGQdLV6ETEBqRM9LHQIuHPy:CEAsnAbLlszQdy
                                                                                MD5:3C2B9CCAAD3D986E5874E8C0F82C37CF
                                                                                SHA1:D1DDA4A2D5D37249C8878437DBF36C6AE61C33D1
                                                                                SHA-256:D5BCD7D43E383D33B904CFF6C80ACE359DBE2CE2796E51E9743358BD650E4198
                                                                                SHA-512:4350CCA847D214479C6AE430EB71EE98A220EA10EC175D0AB317A8B43ABC9B4054E41D0FF383F26D593DE825F761FB93704E37292831900F31E5E38167A41BAB
                                                                                Malicious:false
                                                                                Preview:javafx.runtime.version=8.0.101..javafx.runtime.build=b13..
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):476286
                                                                                Entropy (8bit):7.905283162751186
                                                                                Encrypted:false
                                                                                SSDEEP:12288:k4VtaECp5plmgYhuWvHuR9Ta/+Aw7okxygk+W:kUChlHYHMaHw7XxW
                                                                                MD5:5D8C1723F3005BD63DBA2B478CE15621
                                                                                SHA1:AB26A6167789DCF81A0C40D121DC91005804C703
                                                                                SHA-256:B637B78CFC33C92D4838D5FABFD0647CE03C3EF69D86EF6A7E6F229510AAF3B5
                                                                                SHA-512:9830CCDFE913A492BB4E0015EE3E729BEA8EC1F22EDF48ED7CE2AEFD5376DF24F33948B9155E31EDFA9BC240544406FD2C43A34DD1366E4936B3318D3CA5ED1C
                                                                                Malicious:false
                                                                                Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/sun/PK...........H................com/sun/javaws/PK...........H................com/sun/javaws/exceptions/PK...........H................com/sun/javaws/jnl/PK...........H................com/sun/javaws/net/PK...........H................com/sun/javaws/net/protocol/PK...........H............ ...com/sun/javaws/net/protocol/jar/PK...........H................com/sun/javaws/progress/PK...........H................com/sun/javaws/security/PK...........H................com/sun/javaws/ui/PK...........H................com/sun/javaws/util/PK...........H................com/sun/jnlp/PK...........H................javax/PK...........H................javax/jnlp/PK...........H~p4=........#...com/sun/javaws/BrowserSupport.class.RMO.1.}...].H @.|.|(...P..B.....
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):114950
                                                                                Entropy (8bit):7.912507028584016
                                                                                Encrypted:false
                                                                                SSDEEP:1536:5sNJO+ylt6se6sgU0w/XzGYWuSy15DudYLSfaxwpt5g1naZEqwoJ8sYcF+z/VSG8:aj8GHXZSy1pudYLdQe1ATtKVS+ws9O
                                                                                MD5:A39F61D6ED2585519D7AF1E2EA029F59
                                                                                SHA1:52515AC6DEAB634F3495FD724DEA643EE442B8FD
                                                                                SHA-256:60724D9E372FBE42759349A06D3426380CA2B9162FA01EB2C3587A58A34AD7E0
                                                                                SHA-512:AC2E9AB749F5365BE0FB8EBD321E8F231D22EAE396053745F047FCBCCF8D3DE2F737D3C37A52C715ADDFBDBD18F14809E8B37B382B018B58A76E063EFBA96948
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):560553
                                                                                Entropy (8bit):5.781566946934384
                                                                                Encrypted:false
                                                                                SSDEEP:12288:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f/m5NwaHkSIJHvWQ6Q7ooMcgH5lY7TQ5cD:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f3
                                                                                MD5:CCB395235C35C3ACBA592B21138CC6AB
                                                                                SHA1:29C463AA4780F13E77FB08CC151F68CA2B2958D5
                                                                                SHA-256:27AD8EA5192EE2D91BA7A0EACE9843CB19F5E145259466158C2F48C971EB7B8F
                                                                                SHA-512:D4C330741387F62DD6E52B41167CB11ABD8615675FE7E1C14AE05A52F87A348CBC64B56866AE313B2906B33CE98BE73681F769A4A54F6FE9A7D056F88CF9A4E1
                                                                                Malicious:false
                                                                                Preview:PK........t..H................META-INF/....PK........t..H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........HB.<>^...^...8...com/oracle/jrockit/jfr/client/EventSettingsBuilder.class.......4....5.f..g....f..4.h..4.i..j....f..4.k..l....m..4.n..o....f..4.p..q..r....f....s....t....u....v..w..x..y....z..{....|....}....~.................................#.........................)...................................................eventDefaultSets...Ljava/util/ArrayList;...Signature..DLjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventDefaultSet;>;...settings..ALjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventSetting;>;...eventDescriptorType..2Loracle/jrockit/jfr/openmbean/
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):20670
                                                                                Entropy (8bit):4.627043889535612
                                                                                Encrypted:false
                                                                                SSDEEP:192:VOMjUVCEM0Ut0ZINFWbqsZSwOVzx8xyxxxbAJ1muS7khPdyPsXZd2ZhptEgReW82:VONVTVgF9SsTMLA
                                                                                MD5:47495DA4E7B3AF33F5C3ED1E35AC25AE
                                                                                SHA1:F6DE88A4C6AE0C14B9F875FB4BC4721A104CB0EE
                                                                                SHA-256:37D19EAC73DEEB613FBB539AE7E7C99339939EB3EFEC44E9EB45F68426E9F159
                                                                                SHA-512:74DBEB118575B8881D5B43270EF878162DBDC222AC6D20F04699B2B733427347ABC76D6E82BF7728FCC435129B114E4C75D011FC5DDDEAF5A59E137BBC81F2B9
                                                                                Malicious:false
                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Continuous" description="Low overhead configuration safe for continuous use in production environments, typically less than 1 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="fals
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):20626
                                                                                Entropy (8bit):4.626761353117893
                                                                                Encrypted:false
                                                                                SSDEEP:192:VeMjUECOwMsUt0ZINFWbqeZSwOVza8ayaxabAJ1duSikhPdyPsXZd2ZhptEgReWL:VeNEg/gF/ZnixLy
                                                                                MD5:5480BEF2CA99090857E5CBF225C12A78
                                                                                SHA1:E1F73CA807EC14941656FBE3DB6E5E5D9032041D
                                                                                SHA-256:5FB0982C99D6BF258335FB43AAAE91919804C573DFD87B51E05C54ADB3C0392B
                                                                                SHA-512:65FE0D6DA17E62CF29875910EB84D57BC5BB667C753369B4F810028C0995E63C322FAD2EB99658B6C19E11E8D2A40CB11B3C09943EB9C0B88F45626579ECE058
                                                                                Malicious:false
                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Profiling" description="Low overhead configuration for profiling, typically around 2 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="false">.. <or>.. <test name="
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):33932
                                                                                Entropy (8bit):7.930702746433849
                                                                                Encrypted:false
                                                                                SSDEEP:768:xYJfTGikW6VajSe/SA5vN9kqizE48ojVxQYuW+t:xY5TpkK/nFNIzptjVxYHt
                                                                                MD5:C401E00A5DE0DD9723885CEF9E2F5A44
                                                                                SHA1:B6735B93811517F062A20869D8A0B57FAEFF6A90
                                                                                SHA-256:C6574F4763696F2A83028DE143D9ED1C975062BA2D44CC5C91558751FB84BCD6
                                                                                SHA-512:595B950AD5BFF930654BF7FB996BA222D19B4F175821AB0FD6EC4F54D4B7D62B37757429051D1302BC438AB76350B4CD0A07BA712CAECC79DCDB0C60494B5AB2
                                                                                Malicious:false
                                                                                Preview:PK...........H................META-INF/....PK...........H.E..Z...g.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%-..x...R.KRSt.*A.-...M.t....4....sR......K..5y.x..PK...........H................javafx/PK...........H................javafx/embed/PK...........H................javafx/embed/swt/PK...........Hj...........%...javafx/embed/swt/CustomTransfer.class.T[S.F.=.MX(..!............8..`h.d....." yd..........4....%..k.N..ka.83..[.....|+...........#.OD..1...1.1.S1....*>..I..TL.....Y..*.S.q.-KAja..6.M.Y7V|.v...e............+...u...Z.....Z......k...O.v.....x..f...M.v...~I....j.N.(.R.... ..n.%).l:.N..,J...-.%.os:.v.K..V.._p.u.l..e...S5...^.....3+.Yy.h.RtGR..y.)..~...g..R.;5K...{.G.*..X.JP....D....8..[3.g...'d.e#Z.|c.j.t..F.w..t.W.j.,K[q.^..E.=M.a..6d.Z..yV.....=..........:.WG.............RA.<......qT...,*.=.....t\......(aI.2.....!..Jp.,..<.x..n.S....N.K.e.W....N.-..`....hmQ.E.fGE..$..n...4I{.......l_.)......?.Z>...t
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):633957
                                                                                Entropy (8bit):6.018176262975427
                                                                                Encrypted:false
                                                                                SSDEEP:6144:ABoQeW0HKwYGORU+ehqEmke1WEAibVR0GPs4j8GgflXhuuMAjYDTj:Uo40WGdNmpb3DP75
                                                                                MD5:FD1434C81219C385F30B07E33CEF9F30
                                                                                SHA1:0B5EE897864C8605EF69F66DFE1E15729CFCBC59
                                                                                SHA-256:BC3A736E08E68ACE28C68B0621DCCFB76C1063BD28D7BD8FCE7B20E7B7526CC5
                                                                                SHA-512:9A778A3843744F1FABAD960AA22880D37C30B1CAB29E123170D853C9469DC54A81E81A9070E1DE1BF63BA527C332BB2B1F1D872907F3BDCE33A6898A02FEF22D
                                                                                Malicious:false
                                                                                Preview:PK........u..H................META-INF/....PK........u..H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........H....E...E...+...com/sun/net/ssl/internal/ssl/Provider.class.......4...............................serialVersionUID...J...ConstantValue.,..c".J-...<init>...()V...Code...LineNumberTable...(Ljava/security/Provider;)V...(Ljava/lang/String;)V...isFIPS...()Z...install...SourceFile...Provider.java......................%com/sun/net/ssl/internal/ssl/Provider...sun/security/ssl/SunJSSE.1.......................................!........*...................)...*............."........*+......................./............."........*+...................3...4.)........................
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Algol 68 source, ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):4312
                                                                                Entropy (8bit):4.756104846669624
                                                                                Encrypted:false
                                                                                SSDEEP:96:6VprYJmprYJD9Y3t3qFKPG7hLxVJgdTsfbFfcwQoPv:6HrsursD9Y3t36KPG7HyoBQoX
                                                                                MD5:AD91D69A4129D31D72FBE288FF967943
                                                                                SHA1:CB510AFCDBECEA3538C3F841C0440194573DBB65
                                                                                SHA-256:235A50D958FAEDDE808D071705A6D603F97611F568EEC40D7444984B984A4B18
                                                                                SHA-512:600BEE4676D26E2CE5B9171582540021509A4D7888C9C7BADC14F0FAD07007E4CE2B4C007A8EB15BD0D977722B8B34442012EA972FFBD72797475A56CDFD86EE
                                                                                Malicious:false
                                                                                Preview:Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:.... - Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer..... - Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution..... - Neither the name of Oracle nor the names of its.. contributors may be used to endorse or promote products derived.. from this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS..IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,..THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR..PURP
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):2514
                                                                                Entropy (8bit):4.525846572478507
                                                                                Encrypted:false
                                                                                SSDEEP:48:/GXieQT8cg6ZGBjn4stbaWUwO61xFMxO9:OXieW8nBjn4x613Mw9
                                                                                MD5:0AA5D5EFDB4F2B92BEBBEB4160AA808B
                                                                                SHA1:C6F1B311A4D0790AF8C16C1CA9599D043BA99E90
                                                                                SHA-256:A3148336160EA7EF451052D1F435F7C9D96EEB738105AC730358EDADA5BD45A2
                                                                                SHA-512:A52C2B784CF0B01A2AF3066F4BB8E7FD890A86CFD82359A22266341942A25333D4C63BA2C02AA43ADE872357FC9C8BBC60D311B2AF2AD2634D60377A2294AFDD
                                                                                Malicious:false
                                                                                Preview:############################################################..# .Default Logging Configuration File..#..# You can use a different file by specifying a filename..# with the java.util.logging.config.file system property. ..# For example java -Djava.util.logging.config.file=myfile..############################################################....############################################################..# .Global properties..############################################################....# "handlers" specifies a comma separated list of log Handler ..# classes. These handlers will be installed during VM startup...# Note that these classes must be on the system classpath...# By default we only configure a ConsoleHandler, which will only..# show messages at the INFO and above levels...handlers= java.util.logging.ConsoleHandler....# To also add the FileHandler, use the following line instead...#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler....# Default global
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):381
                                                                                Entropy (8bit):4.99308306420453
                                                                                Encrypted:false
                                                                                SSDEEP:6:5ji0B4r/Rjiszbdy/oocj+sqX2K5YZ5/CUMQxxi6m4xijgxmzbdGh/4:5ji0GJjiIq1cCvXPA/CUMQxoeocx2K/4
                                                                                MD5:B608D45DCDD7A4CAD6A63A89A002F683
                                                                                SHA1:F6E3BB7050C3B1A3BED9B33122C4A98E6B9A810D
                                                                                SHA-256:52CA96531445B437DCA524CB3714FCD8D70221D37A6B9C80F816713C3040DD0A
                                                                                SHA-512:407E7CA807826F0E41B085BCA0F54F0134E3B9AC16FA5480EDE02774067DAD46AA07D225BA2981DEC2A7297EA57721EAB8C54E8BED83D352EC6C00ABFDBBF626
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):4077
                                                                                Entropy (8bit):4.472483528668558
                                                                                Encrypted:false
                                                                                SSDEEP:96:eii7cSoFKfgCe/D4dtQN+wvohSoVGPbPvRZUIpeDMy:eiiISokfXeEk+wQhnMPbnRZR7y
                                                                                MD5:41B36D832BE39A3CF0F3D7760E55FDCB
                                                                                SHA1:E706E9BE75604A13DFCC5A96B1720A544D76348B
                                                                                SHA-256:71A930CBE577CBABB4269650C98D227F739E0D4B9C0B44830DD3D52F5015BE1F
                                                                                SHA-512:41E6B8639C1CEB3D09D2FDEEEBA89FFA17C4ED8B1AD0DF1E5AB46C4BF178688D5504DC5A3C854226F7DA23DFA0EDAB0D035D6B56495829F43AAA2A7BABEC4273
                                                                                Malicious:false
                                                                                Preview:######################################################################..# Default Access Control File for Remote JMX(TM) Monitoring..######################################################################..#..# Access control file for Remote JMX API access to monitoring...# This file defines the allowed access for different roles. The..# password file (jmxremote.password by default) defines the roles and their..# passwords. To be functional, a role must have an entry in..# both the password and the access files...#..# The default location of this file is $JRE/lib/management/jmxremote.access..# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# (See that file for details)..#..# The file format for password and access files is syntactically the same..# as the Properties file format. The syntax is described in the Javadoc..# for java.util.Properties.load...# A typical access file has multiple
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):2920
                                                                                Entropy (8bit):4.545881645777106
                                                                                Encrypted:false
                                                                                SSDEEP:48:MRSflLrmpop7JN/PgP8KAeoYsnZyhNMVJKWfVStEqwP0pba:Mkv7ngUZYsnRnfYdhE
                                                                                MD5:5DD28AAF5A06C946DF7B223F33482FDF
                                                                                SHA1:D09118D402CA3BA625B165ECACE863466D7F4CE9
                                                                                SHA-256:24674176A4C0E5EEFB9285691764EA06585D90BBDAF5BF40C4220DE7CA3E3175
                                                                                SHA-512:13C6F37E969A5AECE2B2F938FA8EBF6A72C0C173678A026E77C35871E4AE89404585FB1A3516AE2CA336FC47EAB1F3DD2009123ADBA9C437CD76BA654401CBDF
                                                                                Malicious:false
                                                                                Preview:# ----------------------------------------------------------------------..# Template for jmxremote.password..#..# o Copy this template to jmxremote.password..# o Set the user/password entries in jmxremote.password..# o Change the permission of jmxremote.password to read-only..# by the owner...#..# See below for the location of jmxremote.password file...# ----------------------------------------------------------------------....##############################################################..# Password File for Remote JMX Monitoring..##############################################################..#..# Password file for Remote JMX API access to monitoring. This..# file defines the different roles and their passwords. The access..# control file (jmxremote.access by default) defines the allowed..# access for each role. To be functional, a role must have an entry..# in both the password and the access files...#..# Default location of this file is $JRE/lib/management/jmx
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):14415
                                                                                Entropy (8bit):4.623139916889837
                                                                                Encrypted:false
                                                                                SSDEEP:192:PLrOKIXaIr8Jzc90OEqfmdbHHHN6pDIdpgzri:PLrOKIXaIgYiOE0mdbHHHNGD4p0+
                                                                                MD5:054E093240388F0322604619EF643F18
                                                                                SHA1:6E110C2A5D813013E9C57700BE8B0D17896E950C
                                                                                SHA-256:BF41D73EAB0DA8222FE24255E1BBF68327FB02B1A4F1E7A81B9C7B539033FFB2
                                                                                SHA-512:BD60C6271CDEFFFF4563E6E2CF97C176D86F160092D1FFCBE7EEFE714BA75DDC5FB4E848A5FDBE7A1D1510720D92AF6A176A76DE2CC599F27E4BEAE8E692C5D3
                                                                                Malicious:false
                                                                                Preview:#####################################################################..#.Default Configuration File for Java Platform Management..#####################################################################..#..# The Management Configuration file (in java.util.Properties format)..# will be read if one of the following system properties is set:..# -Dcom.sun.management.jmxremote.port=<port-number>..# or -Dcom.sun.management.snmp.port=<port-number>..# or -Dcom.sun.management.config.file=<this-file>..#..# The default Management Configuration file is:..#..# $JRE/lib/management/management.properties..#..# Another location for the Management Configuration File can be specified..# by the following property on the Java command line:..#..# -Dcom.sun.management.config.file=<this-file>..#..# If -Dcom.sun.management.config.file=<this-file> is set, the port..# number for the management agent can be specified in the config file..# using the following lines:..#..# ################ Management Agen
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):3486
                                                                                Entropy (8bit):4.4357861198752975
                                                                                Encrypted:false
                                                                                SSDEEP:48:MlXHR6+76EX0o8KA0Esns+ek2OrRC9AUE4T7AKQi2r8BKS3GpPsDu0cpUxJAJKk3:M9HRb7l0FAEsnJKmS32X00h
                                                                                MD5:9D9EC1BB9E357BBFB72B077E4AF5F63F
                                                                                SHA1:6484B03DBE9687216429D3A6F916773C060E15CE
                                                                                SHA-256:8B02A29BC61B0F7203DF7CA94140F80D2C6A1138064E0441DFD621CF243A0339
                                                                                SHA-512:5FE39BBFCA806CE45871A6223D80FA731EFAA5D31C3B97EE055AB77EAF3833342945F39E9858335D9DD358B4B7F984FFADE741452E19B60B8E510AA74AC02C00
                                                                                Malicious:false
                                                                                Preview:# ----------------------------------------------------------------------..# Template for SNMP Access Control List File..#..# o Copy this template to snmp.acl..# o Set access control for SNMP support..# o Change the permission of snmp.acl to be read-only..# by the owner...#..# See below for the location of snmp.acl file...# ----------------------------------------------------------------------....############################################################..# SNMP Access Control List File ..############################################################..#..# Default location of this file is $JRE/lib/management/snmp.acl...# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# or by specifying a system property (See that file for details)...#......##############################################################..# File permissions of the snmp.acl file..######################
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):2126
                                                                                Entropy (8bit):4.970874214349507
                                                                                Encrypted:false
                                                                                SSDEEP:48:EE796OfeCiuG2M5tP5iMmC5KOAY2HQii+r4IzteKk:EnEiuGJbP5lmC5KOA3HQii+EIz8Kk
                                                                                MD5:91AA6EA7320140F30379F758D626E59D
                                                                                SHA1:3BE2FEBE28723B1033CCDAA110EAF59BBD6D1F96
                                                                                SHA-256:4AF21954CDF398D1EAE795B6886CA2581DAC9F2F1D41C98C6ED9B5DBC3E3C1D4
                                                                                SHA-512:03428803F1D644D89EB4C0DCBDEA93ACAAC366D35FC1356CCABF83473F4FEF7924EDB771E44C721103CEC22D94A179F092D1BFD1C0A62130F076EB82A826D7CB
                                                                                Malicious:false
                                                                                Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..# charsets.jar..sun/nio..sun/awt..# jce.jar..javax/crypto..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# jfr.jar..oracle/jrockit/..jdk/jfr..com/oracle/jrockit/..! jsse.jar..sun/security..com/sun/net/..! management-agent.jar..@ resources.jar..com/sun/java/util/jar/pack/..META-INF/services/sun.util.spi.XmlPropertiesProvider..META-INF/services/javax.print.PrintServiceLookup..com/sun/corba/..META-INF/services/javax.sound.midi.spi.SoundbankReader..sun/print..META-INF/services/javax.sound.midi.spi.MidiFileReader..META-INF/services/sun.java2d.cmm.CMMServiceProvider..javax/swing..META-INF/services/javax.sound.sampled.spi.AudioFileReader..META-INF/services/javax.sound.midi.spi.MidiDeviceProvider..sun/net..META-INF/services/javax.sound.sampled.spi.AudioFileWriter..com/sun/imageio/..META-INF/services/sun.java2d.pipe.Ren
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):3144
                                                                                Entropy (8bit):4.858724831876285
                                                                                Encrypted:false
                                                                                SSDEEP:48:VBnTRxiW1nTbXMROXX6zcjd6vEzcoZDTzcj8L0zccfbb6wB:VBnvisPMQ6z+zPVzv0zVfvT
                                                                                MD5:1CBB261944925044B1EE119DC0563D05
                                                                                SHA1:05F2F63047F4D82F37DFA59153309E53CAA4675C
                                                                                SHA-256:5BAF75BDD504B2C80FF5B98F929A16B04E9CB06AA8AAE30C144B5B40FEBE0906
                                                                                SHA-512:C964A92BE25BACF11D20B61365930CAB28517D164D9AE4997651E2B715AA65628E45FA4BD236CCD507C65E5D85A470FD165F207F446186D22AE4BD46A04006E6
                                                                                Malicious:false
                                                                                Preview:############################################################..# .Default Networking Configuration File..#..# This file may contain default values for the networking system properties...# These values are only used when the system properties are not specified..# on the command line or set programatically...# For now, only the various proxy settings can be configured here...############################################################....# Whether or not the DefaultProxySelector will default to System Proxy..# settings when they do exist...# Set it to 'true' to enable this feature and check for platform..# specific proxy settings..# Note that the system properties that do explicitely set proxies..# (like http.proxyHost) do take precedence over the system settings..# even if java.net.useSystemProxies is set to true... ..java.net.useSystemProxies=false....#------------------------------------------------------------------------..# Proxy configuration for the various protocol handlers...# D
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):1012097
                                                                                Entropy (8bit):7.896417877823185
                                                                                Encrypted:false
                                                                                SSDEEP:24576:q7jNpf26MPAMSL/wxSz2ijt2eejo+oV3vv:6NVZEaL4xSljt2eHNV3
                                                                                MD5:54EF6C22FAAAE5850091031763078D37
                                                                                SHA1:11D40B78BB606E245CB5E17C6DDB08193A34B40E
                                                                                SHA-256:654B033B1DC315EB9806F0D35ABAF3F25064AC806292ACB2BD818F6B2DF2AD07
                                                                                SHA-512:10998B6508D5571E1ECE2001C6E561169D3DBD7580A3DE439067D1195FBE85E6BD1729A0874E306234391AF963E1B062050276E1AC0E9C9FA289711738B41B31
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):2915
                                                                                Entropy (8bit):5.2172692442941075
                                                                                Encrypted:false
                                                                                SSDEEP:48:GgQv18IsTJvuUdEt6u7KeblbhGwQEvzZIE+i+WEi+Iq4fNSg2kv:Gb6Xha1hFGwQEvdh+5g2kv
                                                                                MD5:A38587427E422D55B012FA3E5C9436D2
                                                                                SHA1:7BD1B81B39DA78124BE045507E0681E860921DBB
                                                                                SHA-256:D2C47DE948033ED836B375CCD518CF55333FE11C4CED56BC1CE2FF62114CF546
                                                                                SHA-512:EA6CA975E9308ED2B3BBCCE91EE61142DAB0067CE8F17CB469929F6136E6B4A968BAC838141D8B38866F9EF5E15E156400859CCCC84FB114214E19556F0DC636
                                                                                Malicious:false
                                                                                Preview:#..#..# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.Japanese PostScript printer property file..#..font.num=16..#..serif=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..monospaced=monospaced..courier=monospaced..dialog=sansserif..dialoginput=monospaced..#..serif.latin1.plain=Times-Roman..serif.latin1.italic=Times-Italic..serif.latin1.bolditalic=Times-BoldItalic..serif.latin1.bold=Times-Bold..#..sansserif.latin1.plain=Helvetica..sansserif.latin1.italic=Helvetica-Oblique..sansserif.latin1.bolditalic=Helvetica-BoldOblique..sansserif.latin1.bold=Helvetica-Bold..#..monospaced.latin1.plain=Courier..monospaced.latin1.italic=Courier-Oblique..monospaced.latin1.bolditalic=Courier-BoldOblique..monospaced.latin1.bold=Courier-Bold..#..serif.x11jis0208.plain=Ryumin-Light-H..serif.x11jis0208.italic=Ryumin-Light-H
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):10716
                                                                                Entropy (8bit):5.016037435830914
                                                                                Encrypted:false
                                                                                SSDEEP:192:Jp22HdiEUEdWUcPeJ7fbdHmcbiLMWNDyZcy57ha1xh3qvfRdIdyJkW:u2HdiEUEdGY1gbD9TKdIdyJkW
                                                                                MD5:66B3E6770C291FE8CD3240FFBB00DC47
                                                                                SHA1:88CE9D723A2D4A07FD2032A8B4A742FE323EEC8F
                                                                                SHA-256:7EA6E05D3B8B51D03C3D6548E709C220541DF0F1AEE2E69B9101C9F051F7C17A
                                                                                SHA-512:D1B99AA011568AFFA415758C986B427588AE87FE5EB7FC52D519F7167AD46BBFF8B62799F14D8DBC7C55DEB6FF7259445D6E8882CC781D61206ED1B79B688745
                                                                                Malicious:false
                                                                                Preview:#..#..# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.PostScript printer property file for Java 2D printing...#..# WARNING: This is an internal implementation file, not a public file...# Any customisation or reliance on the existence of this file and its..# contents or syntax is discouraged and unsupported...# It may be incompatibly changed or removed without any notice...#..#..font.num=35..#..# Legacy logical font family names and logical font aliases should all..# map to the primary logical font names...#..serif=serif..times=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..dialog=sansserif..dialoginput=monospaced..monospaced=monospaced..courier=monospaced..#..# Next, physical fonts which can be safely mapped to standard postscript fonts..# These keys generally map to a value which is the same as the key, so
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):3490933
                                                                                Entropy (8bit):6.067002853185717
                                                                                Encrypted:false
                                                                                SSDEEP:49152:WX4zfeUcKDQ1toKXiO3fLxqhH3YRazQwIK7XgnyRMvMtMm55HopLKbtJzUkMkOBV:GL
                                                                                MD5:9A084B91667E7437574236CD27B7C688
                                                                                SHA1:D8926CC4AA12D6FE9ABE64C8C3CB8BC0F594C5B1
                                                                                SHA-256:A1366A75454FC0F1CA5A14EA03B4927BB8584D6D5B402DFA453122AE16DBF22D
                                                                                SHA-512:D603AA29E1F6EEFFF4B15C7EBC8A0FA18E090D2E1147D56FD80581C7404EE1CB9D6972FCF2BD0CB24926B3AF4DFC5BE9BCE1FE018681F22A38ADAA278BF22D73
                                                                                Malicious:false
                                                                                Preview:PK...........H................META-INF/....PK...........H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........H....$...$.......META-INF/mailcap.default#.# This is a very simple 'mailcap' file.#.image/gif;;..x-java-view=com.sun.activation.viewers.ImageViewer.image/jpeg;;..x-java-view=com.sun.activation.viewers.ImageViewer.text/*;;..x-java-view=com.sun.activation.viewers.TextViewer.text/*;;..x-java-edit=com.sun.activation.viewers.TextEditor.PK...........H..{~2...2.......META-INF/mimetypes.default#.# A simple, old format, mime.types file.#.text/html..html htm HTML HTM.text/plain..txt text TXT TEXT.image/gif..gif GIF.image/ief..ief.image/jpeg..jpeg jpg jpe JPG.image/tiff..tiff tif.
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java archive data (JAR)
                                                                                Category:dropped
                                                                                Size (bytes):63602929
                                                                                Entropy (8bit):5.963369315504544
                                                                                Encrypted:false
                                                                                SSDEEP:786432:WyfysbZyGp7g85KKwcl0HeJgyll3LTjjA:F0GZTjjA
                                                                                MD5:EDB5B5B3EF4565E4E86BFFE647FB1AA2
                                                                                SHA1:11F5B1B2D729309059B1BD1FE2922251D9451D5F
                                                                                SHA-256:D00351BD39DE7DBF9E9FDBB9EE1FD82189189F9BC82E988B58E1E950D1D4BDC8
                                                                                SHA-512:05E7F9ED915610B70664EB7CB68F3F0BBA5BD5CF208BBDB54007DA5FF6311A6DDBBF057E0DF5A346C9042333C29E5C766B2C0A686628F8655C2E75061A9179C1
                                                                                Malicious:false
                                                                                Preview:PK...........H................META-INF/....PK...........H.5.%...%.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....Name: javax/swing/JCheckBoxMenuItem.class..Java-Bean: True....Name: javax/swing/JDialog.class..Java-Bean: True....Name: javax/swing/JSlider.class..Java-Bean: True....Name: javax/swing/JTextField.class..Java-Bean: True....Name: javax/swing/JTextPane.class..Java-Bean: True....Name: javax/swing/JTextArea.class..Java-Bean: True....Name: javax/swing/JList.class..Java-Bean: True....Name: javax/swing/JFormattedTextField.class..Java-Bean: True....Name: javax/swing/JApplet.class..Java-Bean: True....Name: javax/swing/JSpinner.class..Java-Bean: True....Name: javax/swing/JLabel.class..Java-Bean
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):3026
                                                                                Entropy (8bit):7.48902128028383
                                                                                Encrypted:false
                                                                                SSDEEP:48:9JJweDY2LXQ4lAAldrou1YgH767KWajaHpwrHZt0H9BRJgfHilVVt2+HZ:PCcY26Iou1YgHqK3WJGeHn8fH4VVttHZ
                                                                                MD5:EE4ED9C75A1AAA04DFD192382C57900C
                                                                                SHA1:7D69EA3B385BC067738520F1B5C549E1084BE285
                                                                                SHA-256:90012F900CF749A0E52A0775966EF575D390AD46388C49D512838983A554A870
                                                                                SHA-512:EAE6A23D2FD7002A55465844E662D7A5E3ED5A6A8BAF7317897E59A92A4B806DD26F2A19B7C05984745050B4FE3FFA30646A19C0F08451440E415F958204137C
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):4149
                                                                                Entropy (8bit):5.816047466650347
                                                                                Encrypted:false
                                                                                SSDEEP:96:ubCHVyxwEyPEtpuVFWny6NnXjekkMDV6kiPVNXvNhtfx5e6NgyufTMBwtBsv5XHs:ubCHVyxwEyPEtpuV8ny6NnX6kkMDV6kL
                                                                                MD5:3F5DC1D941E8356CCD04454AC0A7A7D2
                                                                                SHA1:3698F9AFD870C7959E2D8A0DA0A97B4475554831
                                                                                SHA-256:C48D57D64ED98F8F174A4F6873F536AE03B41A63F67079D7C2F7140950A1C02E
                                                                                SHA-512:65319A4EF150884F7E67C6F96085A996C9B32DCF9A539C4EB7AF77B1B46CDD90F1E83446F33DA14467EA37D0628C9411323F5C3D3CEFCF03CBDFA186EEB2BD3C
                                                                                Malicious:false
                                                                                Preview:# JNLPAppletLauncher applet-launcher.jar..SHA1-Digest-Manifest: 5Bo5/eg892hQ9mgbUW56iDmsp1k=....# 7066583..SHA1-Digest-Manifest: x17xGEFzBRXY2pLtXiIbp8J7U9M=..SHA1-Digest-Manifest: ya6YNTzMCFYUO4lwhmz9OWhhIz8=..SHA1-Digest-Manifest: YwuPyF/KMcxcQhgxilzNybFM2+8=....# 7066809..SHA1-Digest-Manifest: dBKbNW1PZSjJ0lGcCeewcCrYx5g=..SHA1-Digest-Manifest: lTYCkD1wm5uDcp2G2PNPcADG/ds=..SHA1-Digest-Manifest: GKwQJtblDEuSVf3LdC1ojpUJRGg=....# 7186931..SHA1-Digest-Manifest: 0CUppG7J6IL8xHqPCnA377Koahw=..SHA1-Digest-Manifest: 3aJU1qSK6IYmt5MSh2IIIj5G1XE=..SHA1-Digest-Manifest: 8F4F0TXA4ureZbfEXWIFm76QGg4=..SHA1-Digest-Manifest: B1NaDg834Bgg+VE9Ca+tDZOd2BI=..SHA1-Digest-Manifest: bOoQga+XxC3j0HiP552+fYCdswo=..SHA1-Digest-Manifest: C4mtepHAyIKiAjjqOm6xYMo8TkM=..SHA1-Digest-Manifest: cDXEH+bR01R8QVxL+KFKYqFgsR0=..SHA1-Digest-Manifest: cO2ccW2cckTvpR0HVgQa362PyHI=..SHA1-Digest-Manifest: D/TyRle6Sl+CDuBFmdOPy03ERaw=..SHA1-Digest-Manifest: eJfWm86yHp2Oz5U8WrMKbpv6GGA=..SHA1-Digest-Manifest: g3mA5HqcRBlKa
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):1273
                                                                                Entropy (8bit):4.167014768533289
                                                                                Encrypted:false
                                                                                SSDEEP:24:NPwGDO0uFVW0mSDEYMZ9HWYZj4bJCC8lCEQqkvZq1n4v3CYe:NPrDJuF4oMyYZj4h8lCENq2+e
                                                                                MD5:BBEBCF13680E71EC2EE562524DA02660
                                                                                SHA1:C5C005C29A80493F5C31CD7EB629AC1B9C752404
                                                                                SHA-256:1FBEA394E634630894CF72DE02DF1846F32F3BB2067B3CB596700E4DD923F4B5
                                                                                SHA-512:B686236EEE055C97A96F5E31A2EE7CE57EED04C2175235CEB19F9F56ABFD22DB6FDCADE8C5D4BA7B656D69E923A1C5844C06DC959A4A915E215FB0ACE377B114
                                                                                Malicious:false
                                                                                Preview:Algorithm
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Java KeyStore
                                                                                Category:dropped
                                                                                Size (bytes):112860
                                                                                Entropy (8bit):7.58405956263152
                                                                                Encrypted:false
                                                                                SSDEEP:1536:knYlyRHbLD1Syx011lYcdSmjbDKuaG8QlpzHok0SeHX:knYlyRHrq5dbeO9pLD0SiX
                                                                                MD5:A2C167C8E0F275B234CB2C2E943781C7
                                                                                SHA1:2A6B5FBC476EA3A5DDFB4BF1F6CDF0C4DA843BB1
                                                                                SHA-256:A9263831583DFD58BC3584AA0B13E6CDE43403FB82093329B47BB65A8C701AFB
                                                                                SHA-512:8A0C2240C603210AE963C6A126D19BF51659FDED2228503BBF2A2662CCB73B0F9E18C020C9E5E2F3449E2F4F0006D68FE15C8FD5D91DEE8A1A6B42A49183BEAA
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):2515
                                                                                Entropy (8bit):4.490054643169131
                                                                                Encrypted:false
                                                                                SSDEEP:24:nWjF29ShnQUQH2Hvh4ic1mo6wv1PdOpGLSYLHoQLZQ/1rJ+fSA:n+4AQWxc1tgAFH
                                                                                MD5:EC90FD04C2890584A16EB24664050C2A
                                                                                SHA1:C7FE062EAC95909EC6A5EA93F42DDA5E023AD82C
                                                                                SHA-256:CED51E3926E6B0CFEC8ECAB3B15D296FDCFAE4D32046224814AAAB5FD0FED9C0
                                                                                SHA-512:8DA494925B3B5AAE69A30A8B5F9732E64EDBAE39C968229D112185E349C410A0F5D1B281A4E44718E0120E910820B15CA878B2ED1CF905DFC6595F1BA34B85D3
                                                                                Malicious:false
                                                                                Preview:..// Standard extensions get all permissions by default....grant codeBase "file:${{java.ext.dirs}}/*" {.. permission java.security.AllPermission;..};....// default permissions granted to all domains....grant {.. // Allows any thread to stop itself using the java.lang.Thread.stop().. // method that takes no argument... // Note that this permission is granted by default only to remain.. // backwards compatible... // It is strongly recommended that you either remove this permission.. // from this policy file or further restrict it to code sources.. // that you specify, because Thread.stop() is potentially unsafe... // See the API specification of java.lang.Thread.stop() for more.. // information... permission java.lang.RuntimePermission "stopThread";.... // allows anyone to listen on dynamic ports.. permission java.net.SocketPermission "localhost:0", "listen";.... // "standard" properies that
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):27033
                                                                                Entropy (8bit):4.840685151784295
                                                                                Encrypted:false
                                                                                SSDEEP:768:rmLHAEcqrlANbwbqL1AdLAHaPw2kqUTWip+fzIz:rWQaYFqUTWip0kz
                                                                                MD5:409C132FE4EA4ABE9E5EB5A48A385B61
                                                                                SHA1:446D68298BE43EB657934552D656FA9AE240F2A2
                                                                                SHA-256:4D9E5A12B8CAC8B36ECD88468B1C4018BC83C97EB467141901F90358D146A583
                                                                                SHA-512:7FED286AC9AED03E2DAE24C3864EDBBF812B65965C7173CC56CE622179EB5F872F77116275E96E1D52D1C58D3CDEBE4E82B540B968E95D5DA656AA74AD17400D
                                                                                Malicious:false
                                                                                Preview:#..# This is the "master security properties file"...#..# An alternate java.security properties file may be specified..# from the command line via the system property..#..# -Djava.security.properties=<URL>..#..# This properties file appends to the master security properties file...# If both properties files specify values for the same key, the value..# from the command-line properties file is selected, as it is the last..# one loaded...#..# Also, if you specify..#..# -Djava.security.properties==<URL> (2 equals),..#..# then that properties file completely overrides the master security..# properties file...#..# To disable the ability to specify an additional properties file from..# the command line, set the key security.overridePropertiesFile..# to false in the master security properties file. It is set to true..# by default.....# In this file, various security properties are set for use by..# java.security classes. This is where users can statically register..# Cryptography Packag
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):103
                                                                                Entropy (8bit):4.802539000066613
                                                                                Encrypted:false
                                                                                SSDEEP:3:RSjGIWgjM0ePFUNaXsIGNDAPVnyzowv:RS6c2PFUsXsIrRqoa
                                                                                MD5:E0C4EF8B210C0DDFEE01126E1ACA4280
                                                                                SHA1:F1CC674F447045D668454996D5C3C188884762CD
                                                                                SHA-256:E5CD7F9FD43084674AA749BC8301F28DE85EEF6D01BD78828F72FA32377A3368
                                                                                SHA-512:4820074F15520AD099193B27A673499C31544A7279279EFCB6131D53FE997438A96E1C5B386C233385004F7A2FBB775D4CDE3C0272A196B54C0D8EE6CCEF43DF
                                                                                Malicious:false
                                                                                Preview:..grant codeBase "file:${jnlpx.home}/javaws.jar" {.. permission java.security.AllPermission;..};....
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                Category:dropped
                                                                                Size (bytes):3527
                                                                                Entropy (8bit):7.521709350514316
                                                                                Encrypted:false
                                                                                SSDEEP:96:XWlvuYcIou1YgHqK3WwGjIEwtR88fH4VVKZ:sutuyOqKmw0QtRpH4VVKZ
                                                                                MD5:57AAAA3176DC28FC554EF0906D01041A
                                                                                SHA1:238B8826E110F58ACB2E1959773B0A577CD4D569
                                                                                SHA-256:B8BECC3EF2E7FF7D2165DD1A4E13B9C59FD626F20A26AF9A32277C1F4B5D5BC7
                                                                                SHA-512:8704B5E3665F28D1A0BC2A063F4BC07BA3C7CD8611E06C0D636A91D5EA55F63E85C6D2AD49E5D8ECE267D43CA3800B3CD09CF369841C94D30692EB715BB0098E
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):1249
                                                                                Entropy (8bit):4.735634480139973
                                                                                Encrypted:false
                                                                                SSDEEP:12:AJx/wzjJQO1YfK4pPq8Ul6GyGLCKDJ9w5lAu9aEVjEcGuc8X3A0LlmPOiMA0L9UV:w/61sppNUl6GbLCOMlmEOucA3e2s/WW
                                                                                MD5:BB63293B1207CB8608C5FBE089A1B06D
                                                                                SHA1:96A0FA723AF939C22AE25B164771319D82BC033B
                                                                                SHA-256:633015AD63728DFE7A51BF26E55B766DD3E935F1FCCCFFA8054BF6E158EA89B2
                                                                                SHA-512:0042DEBE4A77DA997A75A294A0C48D19AED258EEB3CD723FD305037DF11F0A5073A92CC54967B8B541E1AFC912F36481D0B0F68477B8156E52E15093722B7C32
                                                                                Malicious:false
                                                                                Preview:############################################################..# Sound Configuration File..############################################################..#..# This properties file is used to specify default service..# providers for javax.sound.midi.MidiSystem and..# javax.sound.sampled.AudioSystem...#..# The following keys are recognized by MidiSystem methods:..#..# javax.sound.midi.Receiver..# javax.sound.midi.Sequencer..# javax.sound.midi.Synthesizer..# javax.sound.midi.Transmitter..#..# The following keys are recognized by AudioSystem methods:..#..# javax.sound.sampled.Clip..# javax.sound.sampled.Port..# javax.sound.sampled.SourceDataLine..# javax.sound.sampled.TargetDataLine..#..# The values specify the full class name of the service..# provider, or the device name...#..# See the class descriptions for details...#..# Example 1:..# Use MyDeviceProvider as default for SourceDataLines:..# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider..#..# Example 2:..# Speci
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):103910
                                                                                Entropy (8bit):7.113278604363908
                                                                                Encrypted:false
                                                                                SSDEEP:1536:OcQWmFKJzLl2g6kpE7tdTMBB/////t97Taz69rU4y/uqmol7s2gK:Oyh3F27/qGzkrfy/uqllQ2gK
                                                                                MD5:5A7F416BD764E4A0C2DEB976B1D04B7B
                                                                                SHA1:E12754541A58D7687DEDA517CDDA14B897FF4400
                                                                                SHA-256:A636AFA5EDBA8AA0944836793537D9C5B5CA0091CCC3741FC0823EDAE8697C9D
                                                                                SHA-512:3AB2AD86832B98F8E5E1CE1C1B3FFEFA3C3D00B592EB1858E4A10FFF88D1A74DA81AD24C7EC82615C398192F976A1C15358FCE9451AA0AF9E65FB566731D6D8F
                                                                                Malicious:false
                                                                                Preview:...TZDB....2016d.S..Africa/Abidjan..Africa/Accra..Africa/Addis_Ababa..Africa/Algiers..Africa/Asmara..Africa/Asmera..Africa/Bamako..Africa/Bangui..Africa/Banjul..Africa/Bissau..Africa/Blantyre..Africa/Brazzaville..Africa/Bujumbura..Africa/Cairo..Africa/Casablanca..Africa/Ceuta..Africa/Conakry..Africa/Dakar..Africa/Dar_es_Salaam..Africa/Djibouti..Africa/Douala..Africa/El_Aaiun..Africa/Freetown..Africa/Gaborone..Africa/Harare..Africa/Johannesburg..Africa/Juba..Africa/Kampala..Africa/Khartoum..Africa/Kigali..Africa/Kinshasa..Africa/Lagos..Africa/Libreville..Africa/Lome..Africa/Luanda..Africa/Lubumbashi..Africa/Lusaka..Africa/Malabo..Africa/Maputo..Africa/Maseru..Africa/Mbabane..Africa/Mogadishu..Africa/Monrovia..Africa/Nairobi..Africa/Ndjamena..Africa/Niamey..Africa/Nouakchott..Africa/Ouagadougou..Africa/Porto-Novo..Africa/Sao_Tome..Africa/Timbuktu..Africa/Tripoli..Africa/Tunis..Africa/Windhoek..America/Adak..America/Anchorage..America/Anguilla..America/Antigua..America/Araguaina..America/
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):8602
                                                                                Entropy (8bit):5.204166069367786
                                                                                Encrypted:false
                                                                                SSDEEP:192:j1kfcymkDvxeMmKg5GQEK2TtllXinSV29OHPQT:hhymk/QGT7YT
                                                                                MD5:B8DD8953B143685B5E91ABEB13FF24F0
                                                                                SHA1:B5CEB39061FCE39BB9D7A0176049A6E2600C419C
                                                                                SHA-256:3D49B3F2761C70F15057DA48ABE35A59B43D91FA4922BE137C0022851B1CA272
                                                                                SHA-512:C9CD0EB1BA203C170F8196CBAB1AAA067BCC86F2E52D0BAF979AAD370EDF9F773E19F430777A5A1C66EFE1EC3046F9BC82165ACCE3E3D1B8AE5879BD92F09C90
                                                                                Malicious:false
                                                                                Preview:#..# This file describes mapping information between Windows and Java..# time zones...# Format: Each line should include a colon separated fields of Windows..# time zone registry key, time zone mapID, locale (which is most..# likely used in the time zone), and Java time zone ID. Blank lines..# and lines that start with '#' are ignored. Data lines must be sorted..# by mapID (ASCII order)...#..# NOTE..# This table format is not a public interface of any Java..# platforms. No applications should depend on this file in any form...#..# This table has been generated by a program and should not be edited..# manually...#..Romance:-1,64::Europe/Paris:..Romance Standard Time:-1,64::Europe/Paris:..Warsaw:-1,65::Europe/Warsaw:..Central Europe:-1,66::Europe/Prague:..Central Europe Standard Time:-1,66::Europe/Prague:..Prague Bratislava:-1,66::Europe/Prague:..W. Central Africa Standard Time:-1,66:AO:Africa/Luanda:..FLE:-1,67:FI:Europe/Helsinki:..FLE Standard Time:-1,67:FI:E
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:ASCII text, with very long lines (427), with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):533
                                                                                Entropy (8bit):5.416086012521588
                                                                                Encrypted:false
                                                                                SSDEEP:12:GEKkc58IOlBVAQEjy2IM0oPP1RVtc8fFVKeiIdGIVIPJvq1RUbDcz:GEK7586QY/0oPtRb2TqySRUkz
                                                                                MD5:A61B1E3FE507D37F0D2F3ADD5AC691E0
                                                                                SHA1:8AE1050FF466B8F024EED5BC067B87784F19A848
                                                                                SHA-256:F9E84B54CF0D8CB0645E0D89BF47ED74C88AF98AC5BF9CCF3ACCB1A824F7DC3A
                                                                                SHA-512:3E88A839E44241AE642D0F9B7000D80BE7CF4BD003A9E2F9F04A4FEB61EC4877B2B4E76151503184F4B9978894BA1D0DE034DBC5F2E51C31B3ABB24F0EACF0C7
                                                                                Malicious:false
                                                                                Preview:JAVA_VERSION="1.8.0_101"..OS_NAME="Windows"..OS_VERSION="5.1"..OS_ARCH="i586"..SOURCE=" .:e983a19c6439 corba:2bb2aec4b3e5 deploy:2390a2618e98 hotspot:77df35b662ed hotspot/make/closed:40ee8a558775 hotspot/src/closed:710cffeb3c01 hotspot/test/closed:d6cfbcb20a1e install:68eb511e9151 jaxp:8ee36eca2124 jaxws:287f9e9d45cc jdk:827b2350d7f8 jdk/make/closed:53a5d48a69b0 jdk/src/closed:06c649fef4a8 jdk/test/closed:556c76f337b9 langtools:8dc8f71216bf nashorn:44e4e6cbe15b pubs:388b7b93b2c0 sponsors:1b72bbdb30d6"..BUILD_TYPE="commercial"..
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                Category:dropped
                                                                                Size (bytes):41203
                                                                                Entropy (8bit):7.855219741633254
                                                                                Encrypted:false
                                                                                SSDEEP:768:CkwPhOR4PpSvw6vob5IJ9eoYUx7eBr9HDhzCZ+8ylnm1fjiUNcS5cXeK/7DaeR7g:CRPhOR4B0reWJYURuHN4ylnaeSI4
                                                                                MD5:CAAFE376AFB7086DCBEE79F780394CA3
                                                                                SHA1:DA76CA59F6A57EE3102F8F9BD9CEE742973EFA8A
                                                                                SHA-256:18C4A0095D5C1DA6B817592E767BB23D29DD2F560AD74DF75FF3961DBDE25B79
                                                                                SHA-512:5DD6271FD5B34579D8E66271BAB75C89BACA8B2EBEAA9966DE391284BD08F2D720083C6E0E1EDDA106ECF8A04E9A32116DE6873F0F88C19C049C0FE27E5D820B
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                Category:dropped
                                                                                Size (bytes):15257
                                                                                Entropy (8bit):7.804568217256536
                                                                                Encrypted:false
                                                                                SSDEEP:192:wyBOIrDL/vJ0RWNML2NyWKr362ByOikGnqO5Vyb3Uab+UtJIdgihtqSXs:wyBnxxMLg7KrqU7Gnqrb3lhtuF/qS8
                                                                                MD5:722BB90689AECC523E3FE317E1F0984B
                                                                                SHA1:8DACF9514F0C707CBBCDD6FD699E8940D42FB54E
                                                                                SHA-256:0966E86FFFA5BE52D3D9E7B89DD674D98A03EED0A454FBAF7C1BD9493BD9D874
                                                                                SHA-512:D5EFFBFA105BCD615E56EF983075C9EF0F52BCFDBEFA3CE8CEA9550F25B859E48B32F2EC9AA7A305C6611A3BE5E0CDE0D269588D9C2897CA987359B77213331D
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\Confirm Me.exe
                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                Category:dropped
                                                                                Size (bytes):105007
                                                                                Entropy (8bit):7.8886535210991395
                                                                                Encrypted:false
                                                                                SSDEEP:1536:Dxpeuv7xOoWmvqcQurq8vGDTRAi5yRdPPl/CJqM9ggS3OIrBTH6x0:Fguv7cfmJrUOiYRbXMbS3Ooox0
                                                                                MD5:0FD8BC4F0F2E37FEB1EFC474D037AF55
                                                                                SHA1:ADD8FFACE4C1936787EB4BFFE4EA944A13467D53
                                                                                SHA-256:1E31EF3145D1E30B31107B7AFC4A61011EBCA99550DCE65F945C2EA4CCAC714B
                                                                                SHA-512:29DE5832DB5B43FDC99BB7EA32A7359441D6CF5C05561DD0A6960B33078471E4740EE08FFBD97A5CED4B7DD9CC98FAD6ADD43EDB4418BF719F90F83C58188149
                                                                                Malicious:false
                                                                                Process:C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):45
                                                                                Entropy (8bit):0.9111711733157262
                                                                                Encrypted:false
                                                                                SSDEEP:3:/lwlt7n:WNn
                                                                                MD5:C8366AE350E7019AEFC9D1E6E6A498C6
                                                                                SHA1:5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
                                                                                SHA-256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
                                                                                SHA-512:33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
                                                                                Malicious:false
                                                                                Preview:........................................J2SE.
                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                Entropy (8bit):7.999744974729285
                                                                                TrID:
                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                File name:Confirm Me.exe
                                                                                File size:48'457'393 bytes
                                                                                MD5:9e1f57731569a5ccbd7526f3ae1c4b50
                                                                                SHA1:1c7915b594ea634885c57c2281a8ce77483f1961
                                                                                SHA256:f659219bbbb50593d0cd629ccf48faca878b444162b14863854480a7c9289266
                                                                                SHA512:b0368552bd8e7b971210edfa6bba06891c6a41f5c2c61b2a9109dd120df5e0f865ec32ea363fc170473540b7f836ce5ce74f9b11a6f705d2b384e96107411e26
                                                                                SSDEEP:786432:FT8dGiVeQ4LJ3fj4cV7WP4S8o1cZKMjWHZh0Rhp5MRd41Vlbr2BGkKq+qTOFUiRW:F1OeQQFf7V6XnqbcIHMRihr2Mkp+qiFu
                                                                                TLSH:93B7331DEF04E9EAE244417138B24A5E3FA08E5D97DA9498139CAB233C3175382D7F79
                                                                                Icon Hash:32728092d4f29244
                                                                                Entrypoint:0x40351c
                                                                                Entrypoint Section:.text
                                                                                Digitally signed:false
                                                                                Imagebase:0x400000
                                                                                Subsystem:windows gui
                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                Time Stamp:0x660843F3 [Sat Mar 30 16:55:15 2024 UTC]
                                                                                TLS Callbacks:
                                                                                CLR (.Net) Version:
                                                                                OS Version Major:4
                                                                                OS Version Minor:0
                                                                                File Version Major:4
                                                                                File Version Minor:0
                                                                                Subsystem Version Major:4
                                                                                Subsystem Version Minor:0
                                                                                Import Hash:f4639a0b3116c2cfc71144b88a929cfd
                                                                                Instruction
                                                                                sub esp, 000003F8h
                                                                                push ebp
                                                                                push esi
                                                                                push edi
                                                                                push 00000020h
                                                                                pop edi
                                                                                xor ebp, ebp
                                                                                push 00008001h
                                                                                mov dword ptr [esp+20h], ebp
                                                                                mov dword ptr [esp+18h], 0040A2D8h
                                                                                mov dword ptr [esp+14h], ebp
                                                                                call dword ptr [004080A4h]
                                                                                mov esi, dword ptr [004080A8h]
                                                                                lea eax, dword ptr [esp+34h]
                                                                                push eax
                                                                                mov dword ptr [esp+4Ch], ebp
                                                                                mov dword ptr [esp+0000014Ch], ebp
                                                                                mov dword ptr [esp+00000150h], ebp
                                                                                mov dword ptr [esp+38h], 0000011Ch
                                                                                call esi
                                                                                test eax, eax
                                                                                jne 00007F4870BA40CAh
                                                                                lea eax, dword ptr [esp+34h]
                                                                                mov dword ptr [esp+34h], 00000114h
                                                                                push eax
                                                                                call esi
                                                                                mov ax, word ptr [esp+48h]
                                                                                mov ecx, dword ptr [esp+62h]
                                                                                sub ax, 00000053h
                                                                                add ecx, FFFFFFD0h
                                                                                neg ax
                                                                                sbb eax, eax
                                                                                mov byte ptr [esp+0000014Eh], 00000004h
                                                                                not eax
                                                                                and eax, ecx
                                                                                mov word ptr [esp+00000148h], ax
                                                                                cmp dword ptr [esp+38h], 0Ah
                                                                                jnc 00007F4870BA4098h
                                                                                and word ptr [esp+42h], 0000h
                                                                                mov eax, dword ptr [esp+40h]
                                                                                movzx ecx, byte ptr [esp+3Ch]
                                                                                mov dword ptr [00429AD8h], eax
                                                                                xor eax, eax
                                                                                mov ah, byte ptr [esp+38h]
                                                                                movzx eax, ax
                                                                                or eax, ecx
                                                                                xor ecx, ecx
                                                                                mov ch, byte ptr [esp+00000148h]
                                                                                movzx ecx, cx
                                                                                shl eax, 10h
                                                                                or eax, ecx
                                                                                movzx ecx, byte ptr [esp+0000004Eh]
                                                                                Programming Language:
                                                                                • [EXP] VC++ 6.0 SP5 build 8804
                                                                                Name | Virtual Address | Virtual Size | Is in Section
                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0x1ac88 | .rsrc
                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata
                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                                .text | 0x1000 | 0x6576 | 0x6600 | 1e4066ed6e7440cc449c401dfd9ca64f | False | 0.6663219975490197 | data | 6.461246686118911 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                .rdata | 0x8000 | 0x1358 | 0x1400 | f0b500ff912dda10f31f36da3efc8a1e | False | 0.44296875 | data | 5.102094016108248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                .data | 0xa000 | 0x1fb38 | 0x600 | 2e1d49b2855a89e6218e118f0c182b81 | False | 0.5026041666666666 | data | 4.044293204800279 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                .ndata | 0x2a000 | 0x1c000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                .rsrc | 0x46000 | 0x1ac88 | 0x1ae00 | 8988c032042e743cea2bd21d55b82546 | False | 0.1428688226744186 | data | 3.963465439460763 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                                RT_ICON | 0x462f8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.046433218975511656
                                                                                RT_ICON | 0x56b20 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.10350732168162494
                                                                                RT_ICON | 0x5ad48 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.1479253112033195
                                                                                RT_ICON | 0x5d2f0 | 0x18d0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9713476070528967
                                                                                RT_ICON | 0x5ebc0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.22115384615384615
                                                                                RT_ICON | 0x5fc68 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.4352836879432624
                                                                                RT_ICON | 0x600d0 | 0x128 | data | English | United States | 0.04391891891891892
                                                                                RT_DIALOG | 0x601f8 | 0x202 | data | English | United States | 0.4085603112840467
                                                                                RT_DIALOG | 0x60400 | 0xf8 | data | English | United States | 0.6290322580645161
                                                                                RT_DIALOG | 0x604f8 | 0xee | data | English | United States | 0.6302521008403361
                                                                                RT_GROUP_ICON | 0x605e8 | 0x68 | data | English | United States | 0.6826923076923077
                                                                                RT_VERSION | 0x60650 | 0x204 | data | English | United States | 0.5193798449612403
                                                                                RT_MANIFEST | 0x60858 | 0x42e | XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators | English | United States | 0.5130841121495328
                                                                                DLL | Import
                                                                                ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW
                                                                                SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW
                                                                                ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree
                                                                                COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create
                                                                                USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics
                                                                                GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor
                                                                                KERNEL32.dll | lstrcmpiA, CreateFileW, GetTempFileNameW, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, WriteFile, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, SetEnvironmentVariableW
                                                                                Language of compilation system | Country where language is spoken | Map
                                                                                English | United States |
                                                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                Oct 6, 2024 09:32:30.917859077 CEST | 49778 | 443 | 192.168.2.5 | 104.20.3.235
                                                                                Oct 6, 2024 09:32:30.917926073 CEST | 443 | 49778 | 104.20.3.235 | 192.168.2.5
                                                                                Oct 6, 2024 09:32:30.918020010 CEST | 49778 | 443 | 192.168.2.5 | 104.20.3.235
                                                                                Oct 6, 2024 09:32:30.935863018 CEST | 49778 | 443 | 192.168.2.5 | 104.20.3.235
                                                                                Oct 6, 2024 09:32:30.935875893 CEST | 443 | 49778 | 104.20.3.235 | 192.168.2.5
                                                                                Oct 6, 2024 09:32:31.410531044 CEST | 443 | 49778 | 104.20.3.235 | 192.168.2.5
                                                                                Oct 6, 2024 09:32:31.410686970 CEST | 49778 | 443 | 192.168.2.5 | 104.20.3.235
                                                                                Oct 6, 2024 09:32:31.623857021 CEST | 49778 | 443 | 192.168.2.5 | 104.20.3.235
                                                                                Oct 6, 2024 09:32:31.623899937 CEST | 443 | 49778 | 104.20.3.235 | 192.168.2.5
                                                                                Oct 6, 2024 09:32:31.624207020 CEST | 443 | 49778 | 104.20.3.235 | 192.168.2.5
                                                                                Oct 6, 2024 09:32:31.624275923 CEST | 49778 | 443 | 192.168.2.5 | 104.20.3.235
                                                                                Oct 6, 2024 09:32:31.624429941 CEST | 49778 | 443 | 192.168.2.5 | 104.20.3.235
                                                                                Oct 6, 2024 09:32:31.624444962 CEST | 443 | 49778 | 104.20.3.235 | 192.168.2.5
                                                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                Oct 6, 2024 09:32:30.907218933 CEST | 59336 | 53 | 192.168.2.5 | 1.1.1.1
                                                                                Oct 6, 2024 09:32:30.914239883 CEST | 53 | 59336 | 1.1.1.1 | 192.168.2.5
                                                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                Oct 6, 2024 09:32:30.907218933 CEST | 192.168.2.5 | 1.1.1.1 | 0xbf84 | Standard query (0) | pastebin.com | A (IP address) | IN (0x0001) | false
                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                Oct 6, 2024 09:32:30.914239883 CEST1.1.1.1192.168.2.50xbf84No error (0)pastebin.com104.20.3.235A (IP address)IN (0x0001)false
                                                                                Oct 6, 2024 09:32:30.914239883 CEST1.1.1.1192.168.2.50xbf84No error (0)pastebin.com104.20.4.235A (IP address)IN (0x0001)false
                                                                                Oct 6, 2024 09:32:30.914239883 CEST1.1.1.1192.168.2.50xbf84No error (0)pastebin.com172.67.19.24A (IP address)IN (0x0001)false


Target ID: 0
Start time: 03:32:02
Start date: 06/10/2024
Path: C:\Users\user\Desktop\Confirm Me.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Confirm Me.exe"
Imagebase: 0x400000
File size: 48'457'393 bytes
MD5 hash: 9E1F57731569A5CCBD7526F3AE1C4B50
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 3
Start time: 03:32:25
Start date: 06/10/2024
Path: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
Imagebase: 0x400000
File size: 139'264 bytes
MD5 hash: 5ECD826BABBEBDD959456C471DEC6465
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 3%, ReversingLabs
Reputation: low
Has exited: true

Target ID: 4
Start time: 03:32:26
Start date: 06/10/2024
Path: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\LICENSE;jre\README.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\THIRDPARTYLICENSEREADME-JAVAFX.txt;jre\THIRDPARTYLICENSEREADME.txt;jre\Welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
Imagebase: 0x970000
File size: 191'552 bytes
MD5 hash: 48C96771106DBDD5D42BBA3772E4B414
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation: moderate
Has exited: true


Execution Graph

Execution Coverage: 12.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 17%
Total number of Nodes: 1370
Total number of Limit Nodes: 19
3693->3679 3693->3682 3693->3685 3693->3691 3695 40303e 6 API calls 3693->3695 3694->3683 3694->3691 3695->3693 3696->3691 3696->3696 3697 4032b0 SetFilePointer 3696->3697 3697->3691 3699 406935 5 API calls 3698->3699 3700 403c27 3699->3700 3701 403c2d 3700->3701 3702 403c3f 3700->3702 3791 406488 wsprintfW 3701->3791 3703 40640f 3 API calls 3702->3703 3704 403c6f 3703->3704 3706 403c8e lstrcatW 3704->3706 3708 40640f 3 API calls 3704->3708 3707 403c3d 3706->3707 3783 403ee9 3707->3783 3708->3706 3711 405f18 18 API calls 3712 403cc0 3711->3712 3713 403d54 3712->3713 3716 40640f 3 API calls 3712->3716 3714 405f18 18 API calls 3713->3714 3715 403d5a 3714->3715 3717 403d6a LoadImageW 3715->3717 3718 40657e 21 API calls 3715->3718 3722 403cf2 3716->3722 3719 403e10 3717->3719 3720 403d91 RegisterClassW 3717->3720 3718->3717 3724 40140b 2 API calls 3719->3724 3723 403dc7 SystemParametersInfoW CreateWindowExW 3720->3723 3753 40392b 3720->3753 3721 403d13 lstrlenW 3726 403d21 lstrcmpiW 3721->3726 3727 403d47 3721->3727 3722->3713 3722->3721 3725 405e3d CharNextW 3722->3725 3723->3719 3728 403e16 3724->3728 3729 403d10 3725->3729 3726->3727 3730 403d31 GetFileAttributesW 3726->3730 3731 405e10 3 API calls 3727->3731 3733 403ee9 22 API calls 3728->3733 3728->3753 3729->3721 3732 403d3d 3730->3732 3734 403d4d 3731->3734 3732->3727 3735 405e5c 2 API calls 3732->3735 3736 403e27 3733->3736 3792 406541 lstrcpynW 3734->3792 3735->3727 3738 403e33 ShowWindow 3736->3738 3739 403eb6 3736->3739 3741 4068c5 3 API calls 3738->3741 3793 405699 OleInitialize 3739->3793 3742 403e4b 3741->3742 3744 403e59 GetClassInfoW 3742->3744 3747 4068c5 3 API calls 3742->3747 3743 403ebc 3745 403ec0 3743->3745 3746 403ed8 3743->3746 3749 403e83 DialogBoxParamW 3744->3749 3750 403e6d GetClassInfoW RegisterClassW 3744->3750 3752 40140b 2 API calls 3745->3752 3745->3753 3748 40140b 2 API calls 3746->3748 3747->3744 3748->3753 3751 40140b 2 API calls 3749->3751 3750->3749 3754 403eab 3751->3754 
3752->3753 3753->3604 3754->3753 3755->3592 3756->3637 3757->3609 3758->3636 3759->3655 3761 401389 2 API calls 3760->3761 3762 401420 3761->3762 3762->3614 3764 40606d GetTickCount GetTempFileNameW 3763->3764 3765 40351a 3764->3765 3766 4060a3 3764->3766 3765->3594 3766->3764 3766->3765 3767->3672 3768->3674 3769->3678 3771 403047 3770->3771 3772 40305f 3770->3772 3773 403050 DestroyWindow 3771->3773 3774 403057 3771->3774 3775 403067 3772->3775 3776 40306f GetTickCount 3772->3776 3773->3774 3774->3681 3777 406971 2 API calls 3775->3777 3778 4030a0 3776->3778 3779 40307d CreateDialogParamW ShowWindow 3776->3779 3780 40306d 3777->3780 3778->3681 3779->3778 3780->3681 3781->3687 3782->3689 3784 403efd 3783->3784 3800 406488 wsprintfW 3784->3800 3786 403f6e 3801 403fa2 3786->3801 3788 403c9e 3788->3711 3789 403f73 3789->3788 3790 40657e 21 API calls 3789->3790 3790->3789 3791->3707 3792->3713 3804 40450c 3793->3804 3795 40450c SendMessageW 3797 4056f5 OleUninitialize 3795->3797 3796 4056bc 3799 4056e3 3796->3799 3807 401389 3796->3807 3797->3743 3799->3795 3800->3786 3802 40657e 21 API calls 3801->3802 3803 403fb0 SetWindowTextW 3802->3803 3803->3789 3805 404524 3804->3805 3806 404515 SendMessageW 3804->3806 3805->3796 3806->3805 3809 401390 3807->3809 3808 4013fe 3808->3796 3809->3808 3810 4013cb MulDiv SendMessageW 3809->3810 3810->3809 4513 401b9c 4514 402dcb 21 API calls 4513->4514 4515 401ba3 4514->4515 4516 402da9 21 API calls 4515->4516 4517 401bac wsprintfW 4516->4517 4518 402c4f 4517->4518 4519 40149e 4520 4014ac PostQuitMessage 4519->4520 4521 4023c2 4519->4521 4520->4521 4522 4016a0 4523 402dcb 21 API calls 4522->4523 4524 4016a7 4523->4524 4525 402dcb 21 API calls 4524->4525 4526 4016b0 4525->4526 4527 402dcb 21 API calls 4526->4527 4528 4016b9 MoveFileW 4527->4528 4529 4016c5 4528->4529 4530 4016cc 4528->4530 4532 401423 28 API calls 4529->4532 4531 40689e 2 API calls 4530->4531 4534 40231b 4530->4534 4533 4016db 4531->4533 4532->4534 4533->4534 4535 
406301 40 API calls 4533->4535 4535->4529 4536 401a24 4537 402dcb 21 API calls 4536->4537 4538 401a2b 4537->4538 4539 402dcb 21 API calls 4538->4539 4540 401a34 4539->4540 4541 401a3b lstrcmpiW 4540->4541 4542 401a4d lstrcmpW 4540->4542 4543 401a41 4541->4543 4542->4543 4544 402324 4545 402dcb 21 API calls 4544->4545 4546 40232a 4545->4546 4547 402dcb 21 API calls 4546->4547 4548 402333 4547->4548 4549 402dcb 21 API calls 4548->4549 4550 40233c 4549->4550 4551 40689e 2 API calls 4550->4551 4552 402345 4551->4552 4553 402356 lstrlenW lstrlenW 4552->4553 4557 402349 4552->4557 4555 4055c6 28 API calls 4553->4555 4554 4055c6 28 API calls 4558 402351 4554->4558 4556 402394 SHFileOperationW 4555->4556 4556->4557 4556->4558 4557->4554 4557->4558 4559 401da6 4560 401db9 GetDlgItem 4559->4560 4561 401dac 4559->4561 4563 401db3 4560->4563 4562 402da9 21 API calls 4561->4562 4562->4563 4564 401dfa GetClientRect LoadImageW SendMessageW 4563->4564 4566 402dcb 21 API calls 4563->4566 4567 401e58 4564->4567 4569 401e64 4564->4569 4566->4564 4568 401e5d DeleteObject 4567->4568 4567->4569 4568->4569 4570 4023a8 4571 4023af 4570->4571 4573 4023c2 4570->4573 4572 40657e 21 API calls 4571->4572 4574 4023bc 4572->4574 4575 405ba1 MessageBoxIndirectW 4574->4575 4575->4573 4576 402c2a SendMessageW 4577 402c44 InvalidateRect 4576->4577 4578 402c4f 4576->4578 4577->4578 4586 404f2d GetDlgItem GetDlgItem 4587 404f7f 7 API calls 4586->4587 4591 4051a4 4586->4591 4588 405026 DeleteObject 4587->4588 4589 405019 SendMessageW 4587->4589 4590 40502f 4588->4590 4589->4588 4592 405066 4590->4592 4595 40657e 21 API calls 4590->4595 4603 405286 4591->4603 4615 405213 4591->4615 4640 404e7b SendMessageW 4591->4640 4593 4044c0 22 API calls 4592->4593 4596 40507a 4593->4596 4594 405332 4598 405344 4594->4598 4599 40533c SendMessageW 4594->4599 4600 405048 SendMessageW SendMessageW 4595->4600 4601 4044c0 22 API calls 4596->4601 4597 405197 4605 404527 8 API calls 4597->4605 4610 405356 ImageList_Destroy 
4598->4610 4611 40535d 4598->4611 4616 40536d 4598->4616 4599->4598 4600->4590 4619 40508b 4601->4619 4602 4052df SendMessageW 4602->4597 4608 4052f4 SendMessageW 4602->4608 4603->4594 4603->4597 4603->4602 4604 405278 SendMessageW 4604->4603 4609 405533 4605->4609 4607 4054e7 4607->4597 4617 4054f9 ShowWindow GetDlgItem ShowWindow 4607->4617 4614 405307 4608->4614 4610->4611 4612 405366 GlobalFree 4611->4612 4611->4616 4612->4616 4613 405166 GetWindowLongW SetWindowLongW 4618 40517f 4613->4618 4625 405318 SendMessageW 4614->4625 4615->4603 4615->4604 4616->4607 4633 4053a8 4616->4633 4645 404efb 4616->4645 4617->4597 4620 405184 ShowWindow 4618->4620 4621 40519c 4618->4621 4619->4613 4624 4050de SendMessageW 4619->4624 4626 405161 4619->4626 4627 405130 SendMessageW 4619->4627 4628 40511c SendMessageW 4619->4628 4638 4044f5 SendMessageW 4620->4638 4639 4044f5 SendMessageW 4621->4639 4624->4619 4625->4594 4626->4613 4626->4618 4627->4619 4628->4619 4630 4054b2 4631 4054bd InvalidateRect 4630->4631 4634 4054c9 4630->4634 4631->4634 4632 4053d6 SendMessageW 4637 4053ec 4632->4637 4633->4632 4633->4637 4634->4607 4654 404e36 4634->4654 4636 405460 SendMessageW SendMessageW 4636->4637 4637->4630 4637->4636 4638->4597 4639->4591 4641 404eda SendMessageW 4640->4641 4642 404e9e GetMessagePos ScreenToClient SendMessageW 4640->4642 4643 404ed2 4641->4643 4642->4643 4644 404ed7 4642->4644 4643->4615 4644->4641 4657 406541 lstrcpynW 4645->4657 4647 404f0e 4658 406488 wsprintfW 4647->4658 4649 404f18 4650 40140b 2 API calls 4649->4650 4651 404f21 4650->4651 4659 406541 lstrcpynW 4651->4659 4653 404f28 4653->4633 4660 404d6d 4654->4660 4656 404e4b 4656->4607 4657->4647 4658->4649 4659->4653 4663 404d86 4660->4663 4661 40657e 21 API calls 4662 404dea 4661->4662 4664 40657e 21 API calls 4662->4664 4663->4661 4665 404df5 4664->4665 4666 40657e 21 API calls 4665->4666 4667 404e0b lstrlenW wsprintfW SetDlgItemTextW 4666->4667 4667->4656 4668 4024af 4669 402dcb 21 API calls 
4668->4669 4670 4024c1 4669->4670 4671 402dcb 21 API calls 4670->4671 4672 4024cb 4671->4672 4685 402e5b 4672->4685 4675 402953 4676 402dcb 21 API calls 4680 4024f9 lstrlenW 4676->4680 4677 402503 4678 40250f 4677->4678 4681 402da9 21 API calls 4677->4681 4679 40252e RegSetValueExW 4678->4679 4682 4032d9 39 API calls 4678->4682 4683 402544 RegCloseKey 4679->4683 4680->4677 4681->4678 4682->4679 4683->4675 4686 402e76 4685->4686 4689 4063dc 4686->4689 4690 4063eb 4689->4690 4691 4024db 4690->4691 4692 4063f6 RegCreateKeyExW 4690->4692 4691->4675 4691->4676 4691->4677 4692->4691 4693 404630 lstrlenW 4694 404651 WideCharToMultiByte 4693->4694 4695 40464f 4693->4695 4695->4694 4696 402930 4697 402dcb 21 API calls 4696->4697 4698 402937 FindFirstFileW 4697->4698 4699 40295f 4698->4699 4702 40294a 4698->4702 4700 402968 4699->4700 4704 406488 wsprintfW 4699->4704 4705 406541 lstrcpynW 4700->4705 4704->4700 4705->4702 4706 401931 4707 401968 4706->4707 4708 402dcb 21 API calls 4707->4708 4709 40196d 4708->4709 4710 405c4d 71 API calls 4709->4710 4711 401976 4710->4711 4712 4049b1 4713 4049dd 4712->4713 4714 4049ee 4712->4714 4773 405b85 GetDlgItemTextW 4713->4773 4715 4049fa GetDlgItem 4714->4715 4748 404a59 4714->4748 4720 404a0e 4715->4720 4717 4049e8 4719 4067ef 5 API calls 4717->4719 4718 404b3d 4722 404cec 4718->4722 4775 405b85 GetDlgItemTextW 4718->4775 4719->4714 4721 404a22 SetWindowTextW 4720->4721 4725 405ebb 4 API calls 4720->4725 4726 4044c0 22 API calls 4721->4726 4724 404527 8 API calls 4722->4724 4729 404d00 4724->4729 4730 404a18 4725->4730 4731 404a3e 4726->4731 4727 40657e 21 API calls 4732 404acd SHBrowseForFolderW 4727->4732 4728 404b6d 4733 405f18 18 API calls 4728->4733 4730->4721 4737 405e10 3 API calls 4730->4737 4734 4044c0 22 API calls 4731->4734 4732->4718 4735 404ae5 CoTaskMemFree 4732->4735 4736 404b73 4733->4736 4738 404a4c 4734->4738 4739 405e10 3 API calls 4735->4739 4776 406541 lstrcpynW 4736->4776 4737->4721 4774 4044f5 SendMessageW 
4738->4774 4741 404af2 4739->4741 4744 404b29 SetDlgItemTextW 4741->4744 4749 40657e 21 API calls 4741->4749 4743 404a52 4746 406935 5 API calls 4743->4746 4744->4718 4745 404b8a 4747 406935 5 API calls 4745->4747 4746->4748 4756 404b91 4747->4756 4748->4718 4748->4722 4748->4727 4750 404b11 lstrcmpiW 4749->4750 4750->4744 4752 404b22 lstrcatW 4750->4752 4751 404bd2 4777 406541 lstrcpynW 4751->4777 4752->4744 4754 404bd9 4755 405ebb 4 API calls 4754->4755 4757 404bdf GetDiskFreeSpaceW 4755->4757 4756->4751 4760 405e5c 2 API calls 4756->4760 4762 404c2a 4756->4762 4759 404c03 MulDiv 4757->4759 4757->4762 4759->4762 4760->4756 4761 404c9b 4764 404cbe 4761->4764 4766 40140b 2 API calls 4761->4766 4762->4761 4763 404e36 24 API calls 4762->4763 4765 404c88 4763->4765 4778 4044e2 EnableWindow 4764->4778 4767 404c9d SetDlgItemTextW 4765->4767 4768 404c8d 4765->4768 4766->4764 4767->4761 4770 404d6d 24 API calls 4768->4770 4770->4761 4771 404cda 4771->4722 4772 40490a SendMessageW 4771->4772 4772->4722 4773->4717 4774->4743 4775->4728 4776->4745 4777->4754 4778->4771 4779 401934 4780 402dcb 21 API calls 4779->4780 4781 40193b 4780->4781 4782 405ba1 MessageBoxIndirectW 4781->4782 4783 401944 4782->4783 4784 4028b6 4785 4028bd 4784->4785 4787 402bce 4784->4787 4786 402da9 21 API calls 4785->4786 4788 4028c4 4786->4788 4789 4028d3 SetFilePointer 4788->4789 4789->4787 4790 4028e3 4789->4790 4792 406488 wsprintfW 4790->4792 4792->4787 4793 401f37 4794 402dcb 21 API calls 4793->4794 4795 401f3d 4794->4795 4796 402dcb 21 API calls 4795->4796 4797 401f46 4796->4797 4798 402dcb 21 API calls 4797->4798 4799 401f4f 4798->4799 4800 402dcb 21 API calls 4799->4800 4801 401f58 4800->4801 4802 401423 28 API calls 4801->4802 4803 401f5f 4802->4803 4810 405b67 ShellExecuteExW 4803->4810 4805 401fa7 4806 4069e0 5 API calls 4805->4806 4807 402953 4805->4807 4808 401fc4 CloseHandle 4806->4808 4808->4807 4810->4805 4811 402fb8 4812 402fe3 4811->4812 4813 402fca SetTimer 4811->4813 4814 403038 
4812->4814 4815 402ffd MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4812->4815 4813->4812 4815->4814 4816 4014b8 4817 4014be 4816->4817 4818 401389 2 API calls 4817->4818 4819 4014c6 4818->4819 3455 403b39 3456 403b51 3455->3456 3457 403b43 CloseHandle 3455->3457 3462 403b7e 3456->3462 3457->3456 3463 403b8c 3462->3463 3464 403b56 3463->3464 3465 403b91 FreeLibrary GlobalFree 3463->3465 3466 405c4d 3464->3466 3465->3464 3465->3465 3502 405f18 3466->3502 3469 405c75 DeleteFileW 3471 403b62 3469->3471 3470 405c8c 3473 405dac 3470->3473 3517 406541 lstrcpynW 3470->3517 3473->3471 3479 40689e 2 API calls 3473->3479 3474 405cb2 3475 405cc5 3474->3475 3476 405cb8 lstrcatW 3474->3476 3518 405e5c lstrlenW 3475->3518 3477 405ccb 3476->3477 3480 405cdb lstrcatW 3477->3480 3482 405ce6 lstrlenW FindFirstFileW 3477->3482 3481 405dd1 3479->3481 3480->3482 3481->3471 3483 405e10 3 API calls 3481->3483 3482->3473 3500 405d08 3482->3500 3484 405ddb 3483->3484 3486 405c05 5 API calls 3484->3486 3485 405d8f FindNextFileW 3488 405da5 FindClose 3485->3488 3485->3500 3489 405de7 3486->3489 3488->3473 3490 405e01 3489->3490 3491 405deb 3489->3491 3493 4055c6 28 API calls 3490->3493 3491->3471 3494 4055c6 28 API calls 3491->3494 3493->3471 3496 405df8 3494->3496 3495 405c4d 64 API calls 3495->3500 3497 406301 40 API calls 3496->3497 3497->3471 3498 4055c6 28 API calls 3498->3485 3499 4055c6 28 API calls 3499->3500 3500->3485 3500->3495 3500->3498 3500->3499 3522 406541 lstrcpynW 3500->3522 3523 405c05 3500->3523 3531 406301 MoveFileExW 3500->3531 3535 406541 lstrcpynW 3502->3535 3504 405f29 3505 405ebb 4 API calls 3504->3505 3506 405f2f 3505->3506 3507 405c6d 3506->3507 3508 4067ef 5 API calls 3506->3508 3507->3469 3507->3470 3509 405f3f 3508->3509 3509->3507 3515 405f56 3509->3515 3510 405f70 lstrlenW 3511 405f7b 3510->3511 3510->3515 3513 405e10 3 API calls 3511->3513 3512 40689e 2 API calls 3512->3515 3514 405f80 GetFileAttributesW 3513->3514 3514->3507 3515->3507 3515->3510 
3515->3512 3516 405e5c 2 API calls 3515->3516 3516->3510 3517->3474 3519 405e6a 3518->3519 3520 405e70 CharPrevW 3519->3520 3521 405e7c 3519->3521 3520->3519 3520->3521 3521->3477 3522->3500 3524 40600c 2 API calls 3523->3524 3525 405c11 3524->3525 3526 405c32 3525->3526 3527 405c20 RemoveDirectoryW 3525->3527 3528 405c28 DeleteFileW 3525->3528 3526->3500 3529 405c2e 3527->3529 3528->3529 3529->3526 3530 405c3e SetFileAttributesW 3529->3530 3530->3526 3532 406322 3531->3532 3533 406315 3531->3533 3532->3500 3536 406187 3533->3536 3535->3504 3537 4061b7 3536->3537 3538 4061dd GetShortPathNameW 3536->3538 3563 406031 GetFileAttributesW CreateFileW 3537->3563 3540 4061f2 3538->3540 3541 4062fc 3538->3541 3540->3541 3542 4061fa wsprintfA 3540->3542 3541->3532 3544 40657e 21 API calls 3542->3544 3543 4061c1 CloseHandle GetShortPathNameW 3543->3541 3545 4061d5 3543->3545 3546 406222 3544->3546 3545->3538 3545->3541 3564 406031 GetFileAttributesW CreateFileW 3546->3564 3548 40622f 3548->3541 3549 40623e GetFileSize GlobalAlloc 3548->3549 3550 406260 3549->3550 3551 4062f5 CloseHandle 3549->3551 3552 4060b4 ReadFile 3550->3552 3551->3541 3553 406268 3552->3553 3553->3551 3565 405f96 lstrlenA 3553->3565 3556 406293 3558 405f96 4 API calls 3556->3558 3557 40627f lstrcpyA 3559 4062a1 3557->3559 3558->3559 3560 4062d8 SetFilePointer 3559->3560 3561 4060e3 WriteFile 3560->3561 3562 4062ee GlobalFree 3561->3562 3562->3551 3563->3543 3564->3548 3566 405fd7 lstrlenA 3565->3566 3567 405fb0 lstrcmpiA 3566->3567 3568 405fdf 3566->3568 3567->3568 3569 405fce CharNextA 3567->3569 3568->3556 3568->3557 3569->3566 4820 40553a 4821 40554a 4820->4821 4822 40555e 4820->4822 4823 405550 4821->4823 4824 4055a7 4821->4824 4825 405566 IsWindowVisible 4822->4825 4831 40557d 4822->4831 4827 40450c SendMessageW 4823->4827 4826 4055ac CallWindowProcW 4824->4826 4825->4824 4828 405573 4825->4828 4829 40555a 4826->4829 4827->4829 4830 404e7b 5 API calls 4828->4830 4830->4831 4831->4826 4832 404efb 4 
API calls 4831->4832 4832->4824 4833 401d3c 4834 402da9 21 API calls 4833->4834 4835 401d42 IsWindow 4834->4835 4836 401a45 4835->4836

                                                                                  Control-flow Graph
                                                                                  [Figure not reproduced: control-flow graph beginning at block 40351c-40356e (SetErrorMode, GetVersionExW); legend: Executed / Not Executed]
                                                                                  APIs
                                                                                  • SetErrorMode.KERNELBASE ref: 0040353F
                                                                                  • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 0040356A
                                                                                  • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 0040357D
                                                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 00403616
                                                                                  • #17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403653
                                                                                  • OleInitialize.OLE32(00000000), ref: 0040365A
                                                                                  • SHGetFileInfoW.SHELL32(00420EC8,00000000,?,000002B4,00000000), ref: 00403679
                                                                                  • GetCommandLineW.KERNEL32(00428A20,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040368E
                                                                                  • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Confirm Me.exe",00000020,"C:\Users\user\Desktop\Confirm Me.exe",00000000,?,00000008,0000000A,0000000C), ref: 004036C7
                                                                                  • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037FF
                                                                                  • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403810
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040381C
                                                                                  • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403830
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403838
                                                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403849
                                                                                  • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403851
                                                                                  • DeleteFileW.KERNELBASE(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403865
                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Confirm Me.exe",00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040393E
                                                                                    • Part of subcall function 00406541: lstrcpynW.KERNEL32(?,?,00000400,0040368E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040654E
                                                                                  • wsprintfW.USER32 ref: 0040399B
                                                                                  • GetFileAttributesW.KERNEL32(0042C800,C:\Users\user\AppData\Local\Temp\), ref: 004039CE
                                                                                  • DeleteFileW.KERNEL32(0042C800), ref: 004039DA
                                                                                  • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403A08
                                                                                    • Part of subcall function 00406301: MoveFileExW.KERNEL32(?,?,00000005,00405DFF,?,00000000,000000F1,?,?,?,?,?), ref: 0040630B
                                                                                  • CopyFileW.KERNEL32(00437800,0042C800,00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403A1E
                                                                                    • Part of subcall function 00405B24: CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,0042C800,?), ref: 00405B4D
                                                                                    • Part of subcall function 00405B24: CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405B5A
                                                                                    • Part of subcall function 0040689E: FindFirstFileW.KERNEL32(75923420,00425F58,00425710,00405F61,00425710,00425710,00000000,00425710,00425710,75923420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,75923420,C:\Users\user\AppData\Local\Temp\), ref: 004068A9
                                                                                    • Part of subcall function 0040689E: FindClose.KERNEL32(00000000), ref: 004068B5
                                                                                  • ExitProcess.KERNEL32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A67
                                                                                  • CoUninitialize.COMBASE(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A6C
                                                                                  • ExitProcess.KERNEL32 ref: 00403A89
                                                                                  • CloseHandle.KERNEL32(00000000,0042D000,0042D000,?,0042C800,00000000), ref: 00403A90
                                                                                  • GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AAC
                                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403AB3
                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AC8
                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403AEB
                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403B10
                                                                                  • ExitProcess.KERNEL32 ref: 00403B33
                                                                                    • Part of subcall function 00405AEF: CreateDirectoryW.KERNELBASE(?,00000000,0040350F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00405AF5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2302511722.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302649485.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2303038252.0000000000446000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$Process$Exit$CloseDirectory$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
                                                                                  • String ID: "C:\Users\user\Desktop\Confirm Me.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\Desktop$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp

                                                                                  Control-flow Graph
                                                                                  • Graph starts at block 406c5f-406c64 (image not preserved)
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

                                                                                  Control-flow Graph
                                                                                  • Graph starts at block 403c13-403c2b (image not preserved)
                                                                                  APIs
                                                                                    • Part of subcall function 00406935: GetModuleHandleA.KERNEL32(?,00000020,?,0040362C,0000000C,?,?,?,?,?,?,?,?), ref: 00406947
                                                                                    • Part of subcall function 00406935: GetProcAddress.KERNEL32(00000000,?), ref: 00406962
                                                                                  • lstrcatW.KERNEL32(1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000,00000002,75923420,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\Confirm Me.exe",00008001), ref: 00403C94
                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,?,?,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000000,C:\Users\user\AppData\Roaming\InstallerPDW,1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000,00000002,75923420), ref: 00403D14
                                                                                  • lstrcmpiW.KERNEL32(?,.exe,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,?,?,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000000,C:\Users\user\AppData\Roaming\InstallerPDW,1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000), ref: 00403D27
                                                                                  • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe), ref: 00403D32
                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\InstallerPDW), ref: 00403D7B
                                                                                    • Part of subcall function 00406488: wsprintfW.USER32 ref: 00406495
                                                                                  • RegisterClassW.USER32(004289C0), ref: 00403DB8
                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DD0
                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403E05
                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403E3B
                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,004289C0), ref: 00403E67
                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,004289C0), ref: 00403E74
                                                                                  • RegisterClassW.USER32(004289C0), ref: 00403E7D
                                                                                  • DialogBoxParamW.USER32(?,00000000,00403FC1,00000000), ref: 00403E9C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                  • String ID: "C:\Users\user\Desktop\Confirm Me.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\install.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb

                                                                                  Control-flow Graph
                                                                                  • Graph starts at block 4030a2-4030f0 (image not preserved)
                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 004030B3
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,00437800,00000400), ref: 004030CF
                                                                                    • Part of subcall function 00406031: GetFileAttributesW.KERNELBASE(00000003,004030E2,00437800,80000000,00000003), ref: 00406035
                                                                                    • Part of subcall function 00406031: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406057
                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,00437800,00437800,80000000,00000003), ref: 0040311B
                                                                                  • GlobalAlloc.KERNELBASE(00000040,?), ref: 00403251
                                                                                  Strings
                                                                                  • Null, xrefs: 00403199
                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004030A9
                                                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403278
                                                                                  • soft, xrefs: 00403190
                                                                                  • "C:\Users\user\Desktop\Confirm Me.exe", xrefs: 004030A8
                                                                                  • Inst, xrefs: 00403187
                                                                                  • C:\Users\user\Desktop, xrefs: 004030FD, 00403102, 00403108
                                                                                  • Error launching installer, xrefs: 004030F2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                  • String ID: "C:\Users\user\Desktop\Confirm Me.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                                                                  Control-flow Graph
                                                                                  • Graph starts at block 40657e-406587 (image not preserved)
                                                                                  APIs
                                                                                  • GetSystemDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000400), ref: 004066A0
                                                                                  • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000400,00000000,00421EE8,?,?,00000000,00000000,00418EC0,00000000), ref: 004066B6
                                                                                  • SHGetPathFromIDListW.SHELL32(00000000,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe), ref: 00406714
                                                                                  • CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 0040671D
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,\Microsoft\Internet Explorer\Quick Launch,00000000,00421EE8,?,?,00000000,00000000,00418EC0,00000000), ref: 00406748
                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000000,00421EE8,?,?,00000000,00000000,00418EC0,00000000), ref: 004067A2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                                  Control-flow Graph
                                                                                  • Graph starts at block 401794-4017b9 (image not preserved)
                                                                                  APIs
                                                                                  • lstrcatW.KERNEL32(00000000,00000000,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,C:\Users\user\AppData\Roaming\InstallerPDW,?,?,00000031), ref: 004017D5
                                                                                  • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000000,00000000,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,C:\Users\user\AppData\Roaming\InstallerPDW,?,?,00000031), ref: 004017FA
                                                                                    • Part of subcall function 00406541: lstrcpynW.KERNEL32(?,?,00000400,0040368E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040654E
                                                                                    • Part of subcall function 004055C6: lstrlenW.KERNEL32(00421EE8,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000,?), ref: 004055FE
                                                                                    • Part of subcall function 004055C6: lstrlenW.KERNEL32(00403412,00421EE8,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000), ref: 0040560E
                                                                                    • Part of subcall function 004055C6: lstrcatW.KERNEL32(00421EE8,00403412,00403412,00421EE8,00000000,00418EC0,00000000), ref: 00405621
                                                                                    • Part of subcall function 004055C6: SetWindowTextW.USER32(00421EE8,00421EE8), ref: 00405633
                                                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405659
                                                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405673
                                                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405681
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2302511722.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302649485.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2303038252.0000000000446000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
                                                                                  • API String ID: 1941528284-34621816

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 416 4032d9-4032f0 417 4032f2 416->417 418 4032f9-403301 416->418 417->418 419 403303 418->419 420 403308-40330d 418->420 419->420 421 40331d-40332a call 4034be 420->421 422 40330f-403318 call 4034d4 420->422 426 403330-403334 421->426 427 403475 421->427 422->421 428 40333a-40335a GetTickCount call 406a90 426->428 429 40345e-403460 426->429 430 403477-403478 427->430 440 4034b4 428->440 442 403360-403368 428->442 431 403462-403465 429->431 432 4034a9-4034ad 429->432 434 4034b7-4034bb 430->434 435 403467 431->435 436 40346a-403473 call 4034be 431->436 437 40347a-403480 432->437 438 4034af 432->438 435->436 436->427 449 4034b1 436->449 443 403482 437->443 444 403485-403493 call 4034be 437->444 438->440 440->434 446 40336a 442->446 447 40336d-40337b call 4034be 442->447 443->444 444->427 453 403495-40349a call 4060e3 444->453 446->447 447->427 454 403381-40338a 447->454 449->440 456 40349f-4034a1 453->456 457 403390-4033ad call 406ab0 454->457 458 4034a3-4034a6 456->458 459 40345a-40345c 456->459 462 4033b3-4033ca GetTickCount 457->462 463 403456-403458 457->463 458->432 459->430 464 403415-403417 462->464 465 4033cc-4033d4 462->465 463->430 468 403419-40341d 464->468 469 40344a-40344e 464->469 466 4033d6-4033da 465->466 467 4033dc-403412 MulDiv wsprintfW call 4055c6 465->467 466->464 466->467 467->464 471 403432-403438 468->471 472 40341f-403424 call 4060e3 468->472 469->442 473 403454 469->473 476 40343e-403442 471->476 477 403429-40342b 472->477 473->440 476->457 478 403448 476->478 477->459 479 40342d-403430 477->479 478->440 479->476
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CountTick$wsprintf
                                                                                  • String ID: ... %d%%
                                                                                  • API String ID: 551687249-2449383134

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 480 4068c5-4068e5 GetSystemDirectoryW 481 4068e7 480->481 482 4068e9-4068eb 480->482 481->482 483 4068fc-4068fe 482->483 484 4068ed-4068f6 482->484 486 4068ff-406932 wsprintfW LoadLibraryExW 483->486 484->483 485 4068f8-4068fa 484->485 485->486
                                                                                  APIs
                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068DC
                                                                                  • wsprintfW.USER32 ref: 00406917
                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040692B
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                  • String ID: %s%S.dll$UXTHEME
                                                                                  • API String ID: 2200240437-1106614640

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 487 406060-40606c 488 40606d-4060a1 GetTickCount GetTempFileNameW 487->488 489 4060b0-4060b2 488->489 490 4060a3-4060a5 488->490 492 4060aa-4060ad 489->492 490->488 491 4060a7 490->491 491->492
                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 0040607E
                                                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040351A,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806), ref: 00406099
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CountFileNameTempTick
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                  • API String ID: 1716503409-44229769

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 576 4015e6-4015fa call 402dcb call 405ebb 581 401656-401659 576->581 582 4015fc-40160f call 405e3d 576->582 584 401688-40231b call 401423 581->584 585 40165b-40167a call 401423 call 406541 SetCurrentDirectoryW 581->585 590 401611-401614 582->590 591 401629-40162c call 405aef 582->591 600 402c4f-402c5e 584->600 585->600 602 401680-401683 585->602 590->591 596 401616-40161d call 405b0c 590->596 599 401631-401633 591->599 596->591 606 40161f-401627 call 405a95 596->606 603 401635-40163a 599->603 604 40164c-401654 599->604 602->600 607 401649 603->607 608 40163c-401647 GetFileAttributesW 603->608 604->581 604->582 606->599 607->604 608->604 608->607
                                                                                  APIs
                                                                                    • Part of subcall function 00405EBB: CharNextW.USER32(?,?,00425710,?,00405F2F,00425710,00425710,75923420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Confirm Me.exe"), ref: 00405EC9
                                                                                    • Part of subcall function 00405EBB: CharNextW.USER32(00000000), ref: 00405ECE
                                                                                    • Part of subcall function 00405EBB: CharNextW.USER32(00000000), ref: 00405EE6
                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040163F
                                                                                    • Part of subcall function 00405A95: CreateDirectoryW.KERNEL32(0042C800,?), ref: 00405AD7
                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\InstallerPDW,?,00000000,000000F0), ref: 00401672
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW, xrefs: 00401665
                                                                                  Similarity
                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW
                                                                                  • API String ID: 1892508949-2836118411

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 612 407094-40709a 613 40709c-40709e 612->613 614 40709f-4070bd 612->614 613->614 615 407390-40739d 614->615 616 4072cb-4072e0 614->616 617 4073c7-4073cb 615->617 618 4072e2-4072f8 616->618 619 4072fa-407310 616->619 620 40742b-40743e 617->620 621 4073cd-4073ee 617->621 622 407313-40731a 618->622 619->622 623 407347-40734d 620->623 624 4073f0-407405 621->624 625 407407-40741a 621->625 626 407341 622->626 627 40731c-407320 622->627 632 406af2 623->632 633 4074fa 623->633 628 40741d-407424 624->628 625->628 626->623 629 407326-40733e 627->629 630 4074cf-4074d9 627->630 634 4073c4 628->634 635 407426 628->635 629->626 636 4074e5-4074f8 630->636 638 406af9-406afd 632->638 639 406c39-406c5a 632->639 640 406b9e-406ba2 632->640 641 406c0e-406c12 632->641 637 4074fd-407501 633->637 634->617 645 4073a9-4073c1 635->645 646 4074db 635->646 636->637 638->636 647 406b03-406b10 638->647 639->616 643 406ba8-406bc1 640->643 644 40744e-407458 640->644 648 406c18-406c2c 641->648 649 40745d-407467 641->649 650 406bc4-406bc8 643->650 644->636 645->634 646->636 647->633 651 406b16-406b5c 647->651 652 406c2f-406c37 648->652 649->636 650->640 653 406bca-406bd0 650->653 654 406b84-406b86 651->654 655 406b5e-406b62 651->655 652->639 652->641 656 406bd2-406bd9 653->656 657 406bfa-406c0c 653->657 660 406b94-406b9c 654->660 661 406b88-406b92 654->661 658 406b64-406b67 GlobalFree 655->658 659 406b6d-406b7b GlobalAlloc 655->659 662 406be4-406bf4 GlobalAlloc 656->662 663 406bdb-406bde GlobalFree 656->663 657->652 658->659 659->633 664 406b81 659->664 660->650 661->660 661->661 662->633 662->657 663->662 664->654

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 665 407295-407299 666 4072bb-4072c8 665->666 667 40729b-40739d 665->667 669 4072cb-4072e0 666->669 675 4073c7-4073cb 667->675 670 4072e2-4072f8 669->670 671 4072fa-407310 669->671 674 407313-40731a 670->674 671->674 676 407341 674->676 677 40731c-407320 674->677 678 40742b-40743e 675->678 679 4073cd-4073ee 675->679 682 407347-40734d 676->682 680 407326-40733e 677->680 681 4074cf-4074d9 677->681 678->682 683 4073f0-407405 679->683 684 407407-40741a 679->684 680->676 686 4074e5-4074f8 681->686 688 406af2 682->688 689 4074fa 682->689 690 40741d-407424 683->690 684->690 687 4074fd-407501 686->687 691 406af9-406afd 688->691 692 406c39-406c5a 688->692 693 406b9e-406ba2 688->693 694 406c0e-406c12 688->694 689->687 695 4073c4 690->695 696 407426 690->696 691->686 699 406b03-406b10 691->699 692->669 697 406ba8-406bc1 693->697 698 40744e-407458 693->698 700 406c18-406c2c 694->700 701 40745d-407467 694->701 695->675 704 4073a9-4073c1 696->704 705 4074db 696->705 703 406bc4-406bc8 697->703 698->686 699->689 706 406b16-406b5c 699->706 707 406c2f-406c37 700->707 701->686 703->693 708 406bca-406bd0 703->708 704->695 705->686 709 406b84-406b86 706->709 710 406b5e-406b62 706->710 707->692 707->694 711 406bd2-406bd9 708->711 712 406bfa-406c0c 708->712 715 406b94-406b9c 709->715 716 406b88-406b92 709->716 713 406b64-406b67 GlobalFree 710->713 714 406b6d-406b7b GlobalAlloc 710->714 717 406be4-406bf4 GlobalAlloc 711->717 718 406bdb-406bde GlobalFree 711->718 712->707 713->714 714->689 719 406b81 714->719 715->703 716->715 716->716 717->689 717->712 718->717 719->709
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2302511722.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302649485.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2303038252.0000000000446000.00000002.00000001.01000000.00000003.sdmp

                                                                                  Control-flow Graph (graph not preserved): first listed block 406fab-406faf; nodes call GlobalFree and GlobalAlloc

                                                                                  Control-flow Graph (graph not preserved): first listed block 406ab0-406ad3; nodes call GlobalFree and GlobalAlloc

                                                                                  Control-flow Graph (graph not preserved): first listed block 406efe-406f02; nodes call GlobalFree and GlobalAlloc
                                                                                  APIs
                                                                                  • WaitForSingleObject.KERNEL32(?,00000064), ref: 004069F1
                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406A06
                                                                                  • GetExitCodeProcess.KERNELBASE(?,?), ref: 00406A13
                                                                                  Similarity
                                                                                  • API ID: ObjectSingleWait$CodeExitProcess
                                                                                  • String ID:
                                                                                  • API String ID: 2567322000-0
                                                                                  APIs
                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                  • SendMessageW.USER32(0040A2D8,00000402,00000000), ref: 004013F4
                                                                                  Similarity
                                                                                  • API ID: MessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 3850602802-0
                                                                                  APIs
                                                                                  • CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,0042C800,?), ref: 00405B4D
                                                                                  • CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405B5A
                                                                                  Similarity
                                                                                  • API ID: CloseCreateHandleProcess
                                                                                  • String ID:
                                                                                  • API String ID: 3712363035-0
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,0040362C,0000000C,?,?,?,?,?,?,?,?), ref: 00406947
                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00406962
                                                                                    • Part of subcall function 004068C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068DC
                                                                                    • Part of subcall function 004068C5: wsprintfW.USER32 ref: 00406917
                                                                                    • Part of subcall function 004068C5: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040692B
                                                                                  Similarity
                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                  • String ID:
                                                                                  • API String ID: 2547128583-0
                                                                                  APIs
                                                                                  • GetFileAttributesW.KERNELBASE(00000003,004030E2,00437800,80000000,00000003), ref: 00406035
                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406057
                                                                                  Similarity
                                                                                  • API ID: File$AttributesCreate
                                                                                  • String ID:
                                                                                  • API String ID: 415043291-0
                                                                                  APIs
                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00405C11,?,?,00000000,00405DE7,?,?,?,?), ref: 00406011
                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406025
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  APIs
                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,0040350F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00405AF5
                                                                                  • GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405B03
                                                                                  Similarity
                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 1375471231-0
                                                                                  APIs
                                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040349F,00000000,00414EC0,?,00414EC0,?,000000FF,00000004,00000000), ref: 004060F7
                                                                                  Similarity
                                                                                  • API ID: FileWrite
                                                                                  • String ID:
                                                                                  • API String ID: 3934441357-0
                                                                                  APIs
                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034D1,00000000,00000000,00403328,000000FF,00000004,00000000,00000000,00000000), ref: 004060C8
                                                                                  Similarity
                                                                                  • API ID: FileRead
                                                                                  • String ID:
                                                                                  • API String ID: 2738559852-0
                                                                                  APIs
                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403267,?), ref: 004034E2
                                                                                  Similarity
                                                                                  • API ID: FilePointer
                                                                                  • String ID:
                                                                                  • API String ID: 973152223-0
                                                                                  APIs
                                                                                    • Part of subcall function 004055C6: lstrlenW.KERNEL32(00421EE8,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000,?), ref: 004055FE
                                                                                    • Part of subcall function 004055C6: lstrlenW.KERNEL32(00403412,00421EE8,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000), ref: 0040560E
                                                                                    • Part of subcall function 004055C6: lstrcatW.KERNEL32(00421EE8,00403412,00403412,00421EE8,00000000,00418EC0,00000000), ref: 00405621
                                                                                    • Part of subcall function 004055C6: SetWindowTextW.USER32(00421EE8,00421EE8), ref: 00405633
                                                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405659
                                                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405673
                                                                                    • Part of subcall function 004055C6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405681
                                                                                    • Part of subcall function 00405B24: CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,0042C800,?), ref: 00405B4D
                                                                                    • Part of subcall function 00405B24: CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405B5A
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00402010
                                                                                    • Part of subcall function 004069E0: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069F1
                                                                                    • Part of subcall function 004069E0: GetExitCodeProcess.KERNELBASE(?,?), ref: 00406A13
                                                                                    • Part of subcall function 00406488: wsprintfW.USER32 ref: 00406495
                                                                                  Similarity
                                                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                  • String ID:
                                                                                  • API String ID: 2972824698-0
                                                                                  APIs
                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,00403A6C,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403B44
                                                                                  Similarity
                                                                                  • API ID: CloseHandle
                                                                                  • String ID:
                                                                                  • API String ID: 2962429428-0
                                                                                  • Opcode ID: 4fffb8c71d51b546a7e2127151d0507ebb76f0821c6fee4e4994e39edc86062b
                                                                                  • Instruction ID: 8dac91232a398f62bf45de51be5dc2ff74670ad6c91f22ea1f9351e9d641195c
                                                                                  • Opcode Fuzzy Hash: 4fffb8c71d51b546a7e2127151d0507ebb76f0821c6fee4e4994e39edc86062b
                                                                                  • Instruction Fuzzy Hash: 4BC0123050870896D5247F799E4FF093A249B40339B608325B0B9B10F2D73CA659596D
                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,00000403), ref: 00405763
                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 00405772
                                                                                  • GetClientRect.USER32(?,?), ref: 004057AF
                                                                                  • GetSystemMetrics.USER32(00000002), ref: 004057B6
                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057D7
                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057E8
                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057FB
                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405809
                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040581C
                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040583E
                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405852
                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405873
                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405883
                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040589C
                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004058A8
                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 00405781
                                                                                    • Part of subcall function 004044F5: SendMessageW.USER32(00000028,?,00000001,00404320), ref: 00404503
                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004058C5
                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_00005699,00000000), ref: 004058D3
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004058DA
                                                                                  • ShowWindow.USER32(00000000), ref: 004058FE
                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405903
                                                                                  • ShowWindow.USER32(00000008), ref: 0040594D
                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405981
                                                                                  • CreatePopupMenu.USER32 ref: 00405992
                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004059A6
                                                                                  • GetWindowRect.USER32(?,?), ref: 004059C6
                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059DF
                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A17
                                                                                  • OpenClipboard.USER32(00000000), ref: 00405A27
                                                                                  • EmptyClipboard.USER32 ref: 00405A2D
                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A39
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405A43
                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A57
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405A77
                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405A82
                                                                                  • CloseClipboard.USER32 ref: 00405A88
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                  • String ID: {
                                                                                  • API String ID: 590372296-366298937
                                                                                  • Opcode ID: 3824989ea0536e5c3d89d87b24ed579d9185aa06a8fa494c1d573172a0034d7b
                                                                                  • Instruction ID: 1ec4b4c3d0988b91a44b02e8c0f1a80d5eff4bd371306251f5288e66bb296ab7
                                                                                  • Opcode Fuzzy Hash: 3824989ea0536e5c3d89d87b24ed579d9185aa06a8fa494c1d573172a0034d7b
                                                                                  • Instruction Fuzzy Hash: 4FB139B1900608FFDB11AFA0DD89AAE7B79FB04354F40813AFA41B61A0CB744E51DF68
                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404A00
                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404A2A
                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404ADB
                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404AE6
                                                                                  • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00422F08,00000000,?,?), ref: 00404B18
                                                                                  • lstrcatW.KERNEL32(?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe), ref: 00404B24
                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B36
                                                                                    • Part of subcall function 00405B85: GetDlgItemTextW.USER32(?,?,00000400,00404B6D), ref: 00405B98
                                                                                    • Part of subcall function 004067EF: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Confirm Me.exe",75923420,C:\Users\user\AppData\Local\Temp\,00000000,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00406852
                                                                                    • Part of subcall function 004067EF: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406861
                                                                                    • Part of subcall function 004067EF: CharNextW.USER32(?,"C:\Users\user\Desktop\Confirm Me.exe",75923420,C:\Users\user\AppData\Local\Temp\,00000000,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00406866
                                                                                    • Part of subcall function 004067EF: CharPrevW.USER32(?,?,75923420,C:\Users\user\AppData\Local\Temp\,00000000,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00406879
                                                                                  • GetDiskFreeSpaceW.KERNEL32(00420ED8,?,?,0000040F,?,00420ED8,00420ED8,?,00000001,00420ED8,?,?,000003FB,?), ref: 00404BF9
                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404C14
                                                                                    • Part of subcall function 00404D6D: lstrlenW.KERNEL32(00422F08,00422F08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E0E
                                                                                    • Part of subcall function 00404D6D: wsprintfW.USER32 ref: 00404E17
                                                                                    • Part of subcall function 00404D6D: SetDlgItemTextW.USER32(?,00422F08), ref: 00404E2A
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                  • String ID: A$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
                                                                                  • API String ID: 2624150263-4197309331
                                                                                  • Opcode ID: 935987cb4f9461c6069e20587a72eda96bebf85d42a230f0735d58c75f334840
                                                                                  • Instruction ID: bc895223e5afc39127eca44d4d62e4eac8fcc33aadfc8ea3f63fda85b43113f0
                                                                                  • Opcode Fuzzy Hash: 935987cb4f9461c6069e20587a72eda96bebf85d42a230f0735d58c75f334840
                                                                                  • Instruction Fuzzy Hash: 15A190B1A01208ABDB11DFA6DD45AAFB7B8EF84304F11403BF611B62D1D77C9A418B6D
                                                                                  APIs
                                                                                  • DeleteFileW.KERNEL32(?,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Confirm Me.exe"), ref: 00405C76
                                                                                  • lstrcatW.KERNEL32(00424F10,\*.*,00424F10,?,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Confirm Me.exe"), ref: 00405CBE
                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,00424F10,?,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Confirm Me.exe"), ref: 00405CE1
                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,00424F10,?,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Confirm Me.exe"), ref: 00405CE7
                                                                                  • FindFirstFileW.KERNEL32(00424F10,?,?,?,0040A014,?,00424F10,?,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Confirm Me.exe"), ref: 00405CF7
                                                                                  • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D97
                                                                                  • FindClose.KERNEL32(00000000), ref: 00405DA6
                                                                                  Strings
                                                                                  • \*.*, xrefs: 00405CB8
                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405C5A
                                                                                  • "C:\Users\user\Desktop\Confirm Me.exe", xrefs: 00405C56
                                                                                  Similarity
                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                  • String ID: "C:\Users\user\Desktop\Confirm Me.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                  • API String ID: 2035342205-2472746302
                                                                                  • Opcode ID: a58a7e6cf5cd5b323d99b2e7efe97abcbadf979a8ae7158d9cb99184f307206c
                                                                                  • Instruction ID: c1737a7785d2a2f908f5f44de07c4aee1227101a85bdbc8c56ed50a571596083
                                                                                  • Opcode Fuzzy Hash: a58a7e6cf5cd5b323d99b2e7efe97abcbadf979a8ae7158d9cb99184f307206c
                                                                                  • Instruction Fuzzy Hash: 3241C430800A14BADB216B65CD4DABF7678DF41758F14813BF802B21D1D77C4AC19EAE
                                                                                  APIs
                                                                                  • FindFirstFileW.KERNEL32(75923420,00425F58,00425710,00405F61,00425710,00425710,00000000,00425710,00425710,75923420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,75923420,C:\Users\user\AppData\Local\Temp\), ref: 004068A9
                                                                                  • FindClose.KERNEL32(00000000), ref: 004068B5
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Find$CloseFileFirst
                                                                                  • String ID: X_B
                                                                                  • API String ID: 2295610775-941606717
                                                                                  • Opcode ID: 368a1c0a689282c2aa5195ddf357efb180b92b440bed087baa82a07527058284
                                                                                  • Instruction ID: f67f359cedd367be1f2f51a398ada2a6aadcf11014009cc1af4821528039bb17
                                                                                  • Opcode Fuzzy Hash: 368a1c0a689282c2aa5195ddf357efb180b92b440bed087baa82a07527058284
                                                                                  • Instruction Fuzzy Hash: 68D0123251A5205BC64067396E0C84B7B58AF153717268A36F5AAF21E0CB348C6A969C
                                                                                  APIs
                                                                                  • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040224E
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW, xrefs: 0040228E
                                                                                  Similarity
                                                                                  • API ID: CreateInstance
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW
                                                                                  • API String ID: 542301482-2836118411
                                                                                  • Opcode ID: ec76f5dd5f6190a963fe1f4db377f7e09c486038d8c33d2ab9c4d7fc07912888
                                                                                  • Instruction ID: 7c9e104ca8be0d6b13ead4f97a80eb64338f0e545dbf3bddd9310e0b0504cb73
                                                                                  • Opcode Fuzzy Hash: ec76f5dd5f6190a963fe1f4db377f7e09c486038d8c33d2ab9c4d7fc07912888
                                                                                  • Instruction Fuzzy Hash: 54410575A00209AFCB00DFE4CA89AAD7BB5FF48318B20457EF505EB2D1DB799981CB54
                                                                                  APIs
                                                                                  • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040293F
                                                                                  Similarity
                                                                                  • API ID: FileFindFirst
                                                                                  • String ID:
                                                                                  • API String ID: 1974802433-0
                                                                                  • Opcode ID: 524e4a2d0749f7f0ec3d708758e26d8cf669eba3af850705a6e167e6690b8ed8
                                                                                  • Instruction ID: 9ac6bcba1e22606d8a3f98507846f809c14ae5b1cd4137618ecf9cbbc0e374ac
                                                                                  • Opcode Fuzzy Hash: 524e4a2d0749f7f0ec3d708758e26d8cf669eba3af850705a6e167e6690b8ed8
                                                                                  • Instruction Fuzzy Hash: D6F08C71A04115AFD710EBA4DA499AEB378EF14328F6001BBE116F31E5D7B88E419B29
                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404F45
                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00404F50
                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F9A
                                                                                  • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404FB1
                                                                                  • SetWindowLongW.USER32(?,000000FC,0040553A), ref: 00404FCA
                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FDE
                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FF0
                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00405006
                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405012
                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405024
                                                                                  • DeleteObject.GDI32(00000000), ref: 00405027
                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405052
                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 0040505E
                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050F9
                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405129
                                                                                    • Part of subcall function 004044F5: SendMessageW.USER32(00000028,?,00000001,00404320), ref: 00404503
                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040513D
                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 0040516B
                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405179
                                                                                  • ShowWindow.USER32(?,00000005), ref: 00405189
                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405284
                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052E9
                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052FE
                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405322
                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405342
                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00405357
                                                                                  • GlobalFree.KERNEL32(?), ref: 00405367
                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053E0
                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00405489
                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405498
                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 004054C3
                                                                                  • ShowWindow.USER32(?,00000000), ref: 00405511
                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 0040551C
                                                                                  • ShowWindow.USER32(00000000), ref: 00405523
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                  • String ID: $M$N
                                                                                  • API String ID: 2564846305-813528018
                                                                                  • Opcode ID: a09e9907cf1d85342395cb53904611de706c132920ab67d22d4dedafd93240b8
                                                                                  • Instruction ID: 4e4e2263315175f506fe38719dbb0ef9e1096acd748b53dfdf66ec3fe5014b92
                                                                                  • Opcode Fuzzy Hash: a09e9907cf1d85342395cb53904611de706c132920ab67d22d4dedafd93240b8
                                                                                  • Instruction Fuzzy Hash: BA029C70A00608AFDB20DF64DD45AAF7BB5FB44314F10817AE610BA2E1D7B98A42DF18
                                                                                  APIs
                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FFD
                                                                                  • ShowWindow.USER32(?), ref: 0040401D
                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 0040402F
                                                                                  • ShowWindow.USER32(?,00000004), ref: 00404048
                                                                                  • DestroyWindow.USER32 ref: 0040405C
                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404075
                                                                                  • GetDlgItem.USER32(?,?), ref: 00404094
                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004040A8
                                                                                  • IsWindowEnabled.USER32(00000000), ref: 004040AF
                                                                                  • GetDlgItem.USER32(?,00000001), ref: 0040415A
                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00404164
                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 0040417E
                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041CF
                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00404275
                                                                                  • ShowWindow.USER32(00000000,?), ref: 00404296
                                                                                  • EnableWindow.USER32(?,?), ref: 004042A8
                                                                                  • EnableWindow.USER32(?,?), ref: 004042C3
                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042D9
                                                                                  • EnableMenuItem.USER32(00000000), ref: 004042E0
                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042F8
                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040430B
                                                                                  • lstrlenW.KERNEL32(00422F08,?,00422F08,00000000), ref: 00404335
                                                                                  • SetWindowTextW.USER32(?,00422F08), ref: 00404349
                                                                                  • ShowWindow.USER32(?,0000000A), ref: 0040447D
                                                                                  Similarity
                                                                                  • API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 1860320154-0
                                                                                  • Opcode ID: 4b3fe02cb5795506d30df4e66f46237e59566fdbff82c58b44480cf0eb866077
                                                                                  • Instruction ID: f4824fcfb4375dbde2e3aa314f90dcffafac0cdac9d9fdfce080a9e5a5e1030c
                                                                                  • Opcode Fuzzy Hash: 4b3fe02cb5795506d30df4e66f46237e59566fdbff82c58b44480cf0eb866077
                                                                                  • Instruction Fuzzy Hash: E7C1CEB1600200BBCB216F61EE49E2B3A68FB95719F41053EF751B11F0CB795882DB2E
                                                                                  APIs
                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040471D
                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404731
                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040474E
                                                                                  • GetSysColor.USER32(?), ref: 0040475F
                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040476D
                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040477B
                                                                                  • lstrlenW.KERNEL32(?), ref: 00404780
                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040478D
                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004047A2
                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 004047FB
                                                                                  • SendMessageW.USER32(00000000), ref: 00404802
                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040482D
                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404870
                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 0040487E
                                                                                  • SetCursor.USER32(00000000), ref: 00404881
                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 0040489A
                                                                                  • SetCursor.USER32(00000000), ref: 0040489D
                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048CC
                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048DE
                                                                                  Strings
                                                                                  • N, xrefs: 0040481B
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW\install.exe, xrefs: 0040485C
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe$N
                                                                                  • API String ID: 3103080414-389302496
                                                                                  • Opcode ID: 4011bf91f23cdad070dcf702cd0082b1ea04741390be1e297b86103e4649bf75
                                                                                  • Instruction ID: 9930e5d90db5dccbb26e86255d6156f8bb9eb7c4e216bd2cc4efdce7ef6c99e8
                                                                                  • Opcode Fuzzy Hash: 4011bf91f23cdad070dcf702cd0082b1ea04741390be1e297b86103e4649bf75
                                                                                  • Instruction Fuzzy Hash: 8E6180B1A00209BFDB10AF64DD85A6A7B69FB84354F00843AF605B62D0D7B8AD51DF98
                                                                                  APIs
                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                  • DrawTextW.USER32(00000000,00428A20,000000FF,00000010,00000820), ref: 00401156
                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                  • String ID: F
                                                                                  • API String ID: 941294808-1304234792
                                                                                  • Opcode ID: fcc37e75e13d0dca8524aaa06a8ee829d240d30c68f9aadea354bd02ab1c226a
                                                                                  • Instruction ID: d1034cbb9d528375343357a353c0022e70e8214492c202610c441178c5bfc5cd
                                                                                  • Opcode Fuzzy Hash: fcc37e75e13d0dca8524aaa06a8ee829d240d30c68f9aadea354bd02ab1c226a
                                                                                  • Instruction Fuzzy Hash: FC417B71800249AFCB058FA5DE459AFBBB9FF45314F00802EF592AA1A0CB74DA55DFA4
                                                                                  APIs
                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406322,?,?), ref: 004061C2
                                                                                  • GetShortPathNameW.KERNEL32(?,004265A8,00000400), ref: 004061CB
                                                                                    • Part of subcall function 00405F96: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040627B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA6
                                                                                    • Part of subcall function 00405F96: lstrlenA.KERNEL32(00000000,?,00000000,0040627B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD8
                                                                                  • GetShortPathNameW.KERNEL32(?,00426DA8,00000400), ref: 004061E8
                                                                                  • wsprintfA.USER32 ref: 00406206
                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00426DA8,C0000000,00000004,00426DA8,?,?,?,?,?), ref: 00406241
                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406250
                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406288
                                                                                  • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,004261A8,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DE
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004062EF
                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F6
                                                                                    • Part of subcall function 00406031: GetFileAttributesW.KERNELBASE(00000003,004030E2,00437800,80000000,00000003), ref: 00406035
                                                                                    • Part of subcall function 00406031: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406057
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                  • String ID: %ls=%ls$[Rename]
                                                                                  • API String ID: 2171350718-461813615
                                                                                  APIs
                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Confirm Me.exe",75923420,C:\Users\user\AppData\Local\Temp\,00000000,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00406852
                                                                                  • CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406861
                                                                                  • CharNextW.USER32(?,"C:\Users\user\Desktop\Confirm Me.exe",75923420,C:\Users\user\AppData\Local\Temp\,00000000,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00406866
                                                                                  • CharPrevW.USER32(?,?,75923420,C:\Users\user\AppData\Local\Temp\,00000000,004034F7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00406879
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004067F0
                                                                                  • "C:\Users\user\Desktop\Confirm Me.exe", xrefs: 00406833
                                                                                  • *?|<>/":, xrefs: 00406841
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Char$Next$Prev
                                                                                  • String ID: "C:\Users\user\Desktop\Confirm Me.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                  • API String ID: 589700163-2329359883
                                                                                  APIs
                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00404544
                                                                                  • GetSysColor.USER32(00000000), ref: 00404582
                                                                                  • SetTextColor.GDI32(?,00000000), ref: 0040458E
                                                                                  • SetBkMode.GDI32(?,?), ref: 0040459A
                                                                                  • GetSysColor.USER32(?), ref: 004045AD
                                                                                  • SetBkColor.GDI32(?,?), ref: 004045BD
                                                                                  • DeleteObject.GDI32(?), ref: 004045D7
                                                                                  • CreateBrushIndirect.GDI32(?), ref: 004045E1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                  • String ID:
                                                                                  • API String ID: 2320649405-0
                                                                                  APIs
                                                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 0040277D
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004027B8
                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027DB
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027F1
                                                                                    • Part of subcall function 00406112: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406128
                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040289D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                  • String ID: 9
                                                                                  • API String ID: 163830602-2366072709
                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(00421EE8,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000,?), ref: 004055FE
                                                                                  • lstrlenW.KERNEL32(00403412,00421EE8,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,00403412,00000000), ref: 0040560E
                                                                                  • lstrcatW.KERNEL32(00421EE8,00403412,00403412,00421EE8,00000000,00418EC0,00000000), ref: 00405621
                                                                                  • SetWindowTextW.USER32(00421EE8,00421EE8), ref: 00405633
                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405659
                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405673
                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405681
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                  • String ID:
                                                                                  • API String ID: 2531174081-0
                                                                                  APIs
                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E96
                                                                                  • GetMessagePos.USER32 ref: 00404E9E
                                                                                  • ScreenToClient.USER32(?,?), ref: 00404EB8
                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404ECA
                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EF0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Message$Send$ClientScreen
                                                                                  • String ID: f
                                                                                  • API String ID: 41195575-1993550816
                                                                                  APIs
                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FD6
                                                                                  • MulDiv.KERNEL32(02E366AD,00000064,02E366B1), ref: 00403001
                                                                                  • wsprintfW.USER32 ref: 00403011
                                                                                  • SetWindowTextW.USER32(?,?), ref: 00403021
                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403033
                                                                                  Strings
                                                                                  • verifying installer: %d%%, xrefs: 0040300B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                  • String ID: verifying installer: %d%%
                                                                                  • API String ID: 1451636040-82062127
                                                                                  APIs
                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029D6
                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029F2
                                                                                  • GlobalFree.KERNEL32(?), ref: 00402A2B
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402A3E
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A5A
                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A6D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                  • String ID:
                                                                                  • API String ID: 2667972263-0
                                                                                  APIs
                                                                                  • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F22
                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F6E
                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F77
                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F8E
                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F99
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: CloseEnum$DeleteValue
                                                                                  • String ID:
                                                                                  • API String ID: 1354259210-0
                                                                                  • Opcode ID: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
                                                                                  • Instruction ID: d442e96e729bea3163a88d870f4d25619929b9fa7009ff0cba57fd90435ded5e
                                                                                  • Opcode Fuzzy Hash: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
                                                                                  • Instruction Fuzzy Hash: 8B212A7150010ABFDF129F94CE89EEF7A7DEB54388F110076B909B21A0D7B58E54AA68
                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,?), ref: 00401DBF
                                                                                  • GetClientRect.USER32(?,?), ref: 00401E0A
                                                                                  • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E3A
                                                                                  • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E4E
                                                                                  • DeleteObject.GDI32(00000000), ref: 00401E5E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                  • String ID:
                                                                                  • API String ID: 1849352358-0
                                                                                  • Opcode ID: 24d559174ba8d1ea0ff588d178efc5a8b4b5bc163578ff463a4868f6c49c4eb4
                                                                                  • Instruction ID: eb17948d85696e98a42b5b2e026cdebc0bad80675354e43e8e08d2e827efe14e
                                                                                  • Opcode Fuzzy Hash: 24d559174ba8d1ea0ff588d178efc5a8b4b5bc163578ff463a4868f6c49c4eb4
                                                                                  • Instruction Fuzzy Hash: 94213B72D00119AFCB05DF98DE45AEEBBB5EB08300F14003AF945F62A0D7349D81DB98
                                                                                  APIs
                                                                                  • GetDC.USER32(?), ref: 00401E76
                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E90
                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E98
                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401EA9
                                                                                  • CreateFontIndirectW.GDI32(0040CDC8), ref: 00401EF8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                  • String ID:
                                                                                  • API String ID: 3808545654-0
                                                                                  • Opcode ID: ef63408107684041e4866229634915ac86451c59f948bd83cb9cb27aef798f6a
                                                                                  • Instruction ID: 1d77b42acd886a27ae9f5cf53f8bcf428a8cf24ec4295262a5ba191a384267e2
                                                                                  • Opcode Fuzzy Hash: ef63408107684041e4866229634915ac86451c59f948bd83cb9cb27aef798f6a
                                                                                  • Instruction Fuzzy Hash: 9E01B171950250EFEB005BB4AE8AADD3FB0AF59300F10497AF142BA1E2CAB804049B2C
                                                                                  APIs
                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CD8
                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CF0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Timeout
                                                                                  • String ID: !
                                                                                  • API String ID: 1777923405-2657877971
                                                                                  • Opcode ID: e5ebd0c2485f00d6c9f151be0d8d18ef0011f408847e131bf1e0c601e94fb195
                                                                                  • Instruction ID: 7915d77c0e8d2f35ba529c4d8f0c1bf85837a2641dbb4ead1ffb962ccc12b17a
                                                                                  • Opcode Fuzzy Hash: e5ebd0c2485f00d6c9f151be0d8d18ef0011f408847e131bf1e0c601e94fb195
                                                                                  • Instruction Fuzzy Hash: CC218071D1421AAEEB05AFA4D94AAFE7BB0EF44304F10453FF505B61D0D7B88941DB98
                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(00422F08,00422F08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E0E
                                                                                  • wsprintfW.USER32 ref: 00404E17
                                                                                  • SetDlgItemTextW.USER32(?,00422F08), ref: 00404E2A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                  • String ID: %u.%u%s%s
                                                                                  • API String ID: 3540041739-3551169577
                                                                                  • Opcode ID: 808c56ceb77bc8fa6bb0a4fcfba6dc4e55d7e9e185af3d36fc5e6f51395c7837
                                                                                  • Instruction ID: 531ff4d773969165704d770d32cd75e70745a6e311be36c98e560407ed735fca
                                                                                  • Opcode Fuzzy Hash: 808c56ceb77bc8fa6bb0a4fcfba6dc4e55d7e9e185af3d36fc5e6f51395c7837
                                                                                  • Instruction Fuzzy Hash: 1711EB73A0422837DB0056ADAC46E9E3698DF85374F250237FA66F21D5D978CC2142D8
                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403509,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00405E16
                                                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403509,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403806,?,00000008,0000000A,0000000C), ref: 00405E20
                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405E32
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E10
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                  • API String ID: 2659869361-823278215
                                                                                  • Opcode ID: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                                                  • Instruction ID: 6241345b1480893618f3385b5901a002ffa6f457481071e3b6de6f74fd74f6f8
                                                                                  • Opcode Fuzzy Hash: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                                                  • Instruction Fuzzy Hash: 00D05E71101634AAC2117B48AC08CDF62AC9E46344341402AF141B20A5C7785A5186ED
                                                                                  APIs
                                                                                  • DestroyWindow.USER32(00000000,00000000,0040321C,00000001), ref: 00403051
                                                                                  • GetTickCount.KERNEL32 ref: 0040306F
                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402FB8,00000000), ref: 0040308C
                                                                                  • ShowWindow.USER32(00000000,00000005), ref: 0040309A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                  • String ID:
                                                                                  • API String ID: 2102729457-0
                                                                                  • Opcode ID: 33eae82cd865283ad0f9b1d758b5427aa2cdbcf5f418f2cf2359be72f6e08548
                                                                                  • Instruction ID: 1fe6cbc8f6a725ad0ac4e372fd1d3cf1f1d396d39c9c490f6de0fad46aa3fa9f
                                                                                  • Opcode Fuzzy Hash: 33eae82cd865283ad0f9b1d758b5427aa2cdbcf5f418f2cf2359be72f6e08548
                                                                                  • Instruction Fuzzy Hash: 1CF05431602621ABC6316F54FD08A9B7BA9FB44B13F41087AF045B11A9CB7948828B9C
                                                                                  APIs
                                                                                    • Part of subcall function 00406541: lstrcpynW.KERNEL32(?,?,00000400,0040368E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040654E
                                                                                    • Part of subcall function 00405EBB: CharNextW.USER32(?,?,00425710,?,00405F2F,00425710,00425710,75923420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Confirm Me.exe"), ref: 00405EC9
                                                                                    • Part of subcall function 00405EBB: CharNextW.USER32(00000000), ref: 00405ECE
                                                                                    • Part of subcall function 00405EBB: CharNextW.USER32(00000000), ref: 00405EE6
                                                                                  • lstrlenW.KERNEL32(00425710,00000000,00425710,00425710,75923420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Confirm Me.exe"), ref: 00405F71
                                                                                  • GetFileAttributesW.KERNEL32(00425710,00425710,00425710,00425710,00425710,00425710,00000000,00425710,00425710,75923420,?,C:\Users\user\AppData\Local\Temp\,00405C6D,?,75923420,C:\Users\user\AppData\Local\Temp\), ref: 00405F81
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F18
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                  • API String ID: 3248276644-823278215
                                                                                  • Opcode ID: db39f955a116f1e539d990513461dc7a207fa728de065fffbfa736c70f2b9a34
                                                                                  • Instruction ID: 8289fae0aeb6f8c8bb33a18b648b52325edb3dacd4d1dfbf908f72671121fed4
                                                                                  • Opcode Fuzzy Hash: db39f955a116f1e539d990513461dc7a207fa728de065fffbfa736c70f2b9a34
                                                                                  • Instruction Fuzzy Hash: 5EF0F435115E6326E722373A5C49AAF1A04CEC6324B59053BF8A5B22C1DF3C8D5389BE
                                                                                  APIs
                                                                                  • IsWindowVisible.USER32(?), ref: 00405569
                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004055BA
                                                                                    • Part of subcall function 0040450C: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040451E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                  • String ID:
                                                                                  • API String ID: 3748168415-3916222277
                                                                                  • Opcode ID: 8a6e7ab2b2ebc920f12c2d5b2b2096f2e9954bb0ec9a095f665350d4b71d8349
                                                                                  • Instruction ID: e9ac82e17096a71ceb81da4f6da7be56a9305aae285fff99253fdd5fe3b389a1
                                                                                  • Opcode Fuzzy Hash: 8a6e7ab2b2ebc920f12c2d5b2b2096f2e9954bb0ec9a095f665350d4b71d8349
                                                                                  • Instruction Fuzzy Hash: 6B017171200609BFDF315F11DD84AAB3A66FB84754F100037FA00B51E5C7BA8D52AE69
                                                                                  APIs
                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00421EE8,?,00000800,00000000,?,00421EE8,?,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,?,00000000,00406680,80000002), ref: 00406455
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00406460
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW\install.exe, xrefs: 00406416
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2302511722.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302649485.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2303038252.0000000000446000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseQueryValue
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
                                                                                  • API String ID: 3356406503-1086682460
                                                                                  • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                  • Instruction ID: ab0cc6cc405738cc07c99bf25685dc2411b0540f073fb059e05756a610da7e73
                                                                                  • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                  • Instruction Fuzzy Hash: 4F015E72510209AADF218F51CC05EDB3BA8EB54354F01403AFD5992150D738D968DB94
                                                                                  APIs
                                                                                  • FreeLibrary.KERNEL32(?,75923420,00000000,C:\Users\user\AppData\Local\Temp\,00403B56,00403A6C,?,?,00000008,0000000A,0000000C), ref: 00403B98
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00403B9F
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B7E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2302511722.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302649485.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2303038252.0000000000446000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: Free$GlobalLibrary
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                  • API String ID: 1100898210-823278215
                                                                                  • Opcode ID: 628ac1cb43285a1a84ac4c7f875ed8910a03c7a164280e3efa8a6a131abbe062
                                                                                  • Instruction ID: 6342289a3e1e3ca18c24491f6708bfd4349b13536718f8c5743bc800c8661b5d
                                                                                  • Opcode Fuzzy Hash: 628ac1cb43285a1a84ac4c7f875ed8910a03c7a164280e3efa8a6a131abbe062
                                                                                  • Instruction Fuzzy Hash: FBE08C329015205BC6211F19ED04B1A77B86F45B27F06402AE8807B26287B82C838FD8
                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040310E,C:\Users\user\Desktop,C:\Users\user\Desktop,00437800,00437800,80000000,00000003), ref: 00405E62
                                                                                  • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040310E,C:\Users\user\Desktop,C:\Users\user\Desktop,00437800,00437800,80000000,00000003), ref: 00405E72
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2302511722.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302649485.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2303038252.0000000000446000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: CharPrevlstrlen
                                                                                  • String ID: C:\Users\user\Desktop
                                                                                  • API String ID: 2709904686-1246513382
                                                                                  • Opcode ID: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                                                                  • Instruction ID: b9e9e75b8ba1df67f9f167ecd7c14c3df7ff164ad8267efb590a8552da577330
                                                                                  • Opcode Fuzzy Hash: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                                                                  • Instruction Fuzzy Hash: 81D0A7B3400930DAC3127718EC04D9F77ACEF1634074A443AE580B7165D7785D8186EC
                                                                                  APIs
                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040627B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA6
                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBE
                                                                                  • CharNextA.USER32(00000000,?,00000000,0040627B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCF
                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,0040627B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2302571918.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.2302511722.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302649485.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2302744590.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.2303038252.0000000000446000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_Confirm Me.jbxd
                                                                                  Similarity
                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                  • String ID:
                                                                                  • API String ID: 190613189-0
                                                                                  • Opcode ID: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
                                                                                  • Instruction ID: c3aaa261a9e4bb9915bd58c77e7651ea6c0a11e303954dac61c17192ece284d7
                                                                                  • Opcode Fuzzy Hash: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
                                                                                  • Instruction Fuzzy Hash: F7F06231105459EFDB029BA5DD00D9EBBA8EF15254B2540BAE840F7250D678DE019B69

                                                                                  Execution Graph

                                                                                  Execution Coverage:23.2%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:3.9%
                                                                                  Total number of Nodes:686
                                                                                  Total number of Limit Nodes:13
2050 404197 2050->2040 2052 40405a 2050->2052 2051->2050 2053 402cb0 45 API calls 2051->2053 2053->2050 2054 401269 2055 401270 __set_app_type 2054->2055 2056 401150 436 API calls 2055->2056 2057 401288 2056->2057 2058 4013e9 2059 4013f0 2058->2059 2060 4021a0 5 API calls 2059->2060 2061 4013fc 2060->2061 2062 401402 strstr 2061->2062 2063 40141b 2061->2063 2062->2063 2064 4021a0 5 API calls 2063->2064 2065 40142f 2064->2065 2066 40143c 2065->2066 2067 4021a0 5 API calls 2065->2067 2068 401458 CreateWindowExA 2066->2068 2080 4014cc 2066->2080 2069 4015f5 2067->2069 2070 401616 2068->2070 2068->2080 2069->2066 2071 4015fd strstr 2069->2071 2072 4020c0 5 API calls 2070->2072 2071->2066 2071->2070 2075 401642 2072->2075 2073 4014d6 SetTimer 2076 4013d5 2073->2076 2073->2080 2074 4017ee 2082 401837 fwrite 2074->2082 2083 4017fc 2074->2083 2078 401646 atoi 2075->2078 2079 40165d 2075->2079 2081 401ed0 13 API calls 2076->2081 2077 406860 10 API calls 2077->2080 2078->2079 2084 4021a0 5 API calls 2079->2084 2080->2073 2080->2074 2080->2076 2080->2077 2090 40155d GetMessageA 2080->2090 2097 40159b fprintf 2080->2097 2098 4015cc 2080->2098 2103 406830 CloseHandle CloseHandle 2080->2103 2102 4013da 2081->2102 2082->2083 2104 406830 CloseHandle CloseHandle 2083->2104 2086 401686 2084->2086 2088 4016a3 2086->2088 2089 40168a strstr 2086->2089 2087 401801 2091 401c10 fclose 2087->2091 2092 4021a0 5 API calls 2088->2092 2089->2088 2090->2080 2093 401547 TranslateMessage DispatchMessageA 2090->2093 2091->2102 2094 4016b9 LoadImageA 2092->2094 2093->2090 2094->2076 2096 4016f4 7 API calls 2094->2096 2096->2080 2097->2080 2099 401817 fprintf 2098->2099 2100 4015da 2098->2100 2099->2082 2101 401c10 fclose 2100->2101 2101->2102 2103->2080 2104->2087 2221 402829 2222 402830 memset RegQueryValueExA 2221->2222 2223 4028ed RegCloseKey 2222->2223 2225 402894 2222->2225 2224 402906 strcpy 2223->2224 2226 402814 2223->2226 2224->2226 2225->2225 2227 4028e3 2225->2227 2228 4028bd strlen 
2225->2228 2229 402690 8 API calls 2227->2229 2230 4028d2 strcat 2228->2230 2231 4028cc 2228->2231 2232 4028eb 2229->2232 2230->2227 2231->2230 2232->2223 2105 402bec 2106 402bf0 fprintf 2105->2106 2107 401270 __set_app_type 2108 401150 436 API calls 2107->2108 2109 401288 2108->2109 2233 4022b0 FindResourceExA 2234 4022fd LoadResource 2233->2234 2235 40237f SetLastError atoi 2233->2235 2236 402370 atoi 2234->2236 2237 402316 LockResource 2234->2237 2237->2236 2238 402327 2237->2238 2238->2236 2239 40234f fprintf 2238->2239 2239->2236 2110 403071 2111 403080 GetModuleFileNameA 2110->2111 2112 4030b0 strrchr 2111->2112 2113 4030c5 2111->2113 2112->2113 2114 4039f1 2115 403a00 memset FindResourceExA 2114->2115 2116 403b38 SetLastError 2115->2116 2117 403a5a LoadResource 2115->2117 2118 403ad0 2116->2118 2119 403ad9 2116->2119 2117->2118 2120 403a72 LockResource 2117->2120 2118->2119 2121 403ae3 CreateMutexA GetLastError 2118->2121 2120->2118 2125 403a83 2120->2125 2121->2119 2122 403b28 2121->2122 2123 403b31 2122->2123 2124 403b59 fprintf 2122->2124 2124->2123 2125->2118 2126 403aaf fprintf 2125->2126 2126->2118 2240 402531 2241 402540 strchr 2240->2241 2242 40257d 2241->2242 2243 40256d strlen 2241->2243 2244 402597 strncpy strlen 2242->2244 2243->2242 2243->2244 2127 403b77 memset memset GetCurrentDirectoryA FindResourceExA 2128 403c10 LoadResource 2127->2128 2129 403cd7 SetLastError 2127->2129 2130 403cd0 2128->2130 2131 403c2d LockResource 2128->2131 2131->2130 2133 403c42 2131->2133 2132 403c73 strncpy strlen 2135 403c98 2132->2135 2136 403c9e strcat _chdir 2132->2136 2133->2132 2134 403cf4 fprintf 2133->2134 2134->2132 2135->2136 2136->2130 2137 403cbb fprintf 2136->2137 2137->2130 2138 401afc 2139 401b00 EnumWindows 2138->2139 2140 401a20 GetExitCodeProcess 2139->2140 2141 401a73 2140->2141 2142 401a46 KillTimer PostQuitMessage 2140->2142 2141->2142 2143 401a6f 2141->2143 2142->2143 2144 40397e 2145 403900 2144->2145 2146 403968 _close 2145->2146 2147 403957 
strlen 2145->2147 2148 403976 2146->2148 2147->2146

                                                                                  Callgraph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  • Opacity -> Relevance
                                                                                  • Disassembly available

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: ModuleResource$Handle$AddressCurrentFileFindLoadLockNameProcProcessfprintfmemsetstrrchr
                                                                                  • String ID: -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre$-Xms$-Xmx$An error occurred while starting the application.$Args length:%d/32768 chars$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Error:%s$Instance already exists.$IsWow64Process$Laun$Launcher args:%s$Launcher:%s$Resource %d:%s$Startup error message not defined.$WOW64:%s$Working dir:%s$\bin$appendToPathVar failed.$bin\java.exe$bin\javaw.exe$ch4j$yes
                                                                                  • API String ID: 919401838-3912622273
                                                                                  • Opcode ID: e98f0b280fdfade851ebe13318b98efc7c14c0c3f0ba294e535c625494688a31
                                                                                  • Instruction ID: bf9eff1d8a15de45e5a137a0cf06cc9be9fda6a92e4b939ea636d94b2118cc52
                                                                                  • Opcode Fuzzy Hash: e98f0b280fdfade851ebe13318b98efc7c14c0c3f0ba294e535c625494688a31
                                                                                  • Instruction Fuzzy Hash: 6A521EB09087018BD714EF29D58025EBBE1EF84344F15C87FE889AB391DB7C89658F4A

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: Resource$FindLoadLock$fprintf$ErrorLaststrchrstrcpystrlen
                                                                                  • String ID: 1.8.0$1.8.0$C:\Users\user\AppData\Roaming\InstallerPDW\jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Resource %d:%s$Runtime used:%s (%s-bit)$true
                                                                                  • API String ID: 1095060389-3188585005
                                                                                  • Opcode ID: 1e1ebbd2596e796659a365ff710677ee0d78a079d6b67fc0678fadb0c843e369
                                                                                  • Instruction ID: 877def55760d6699fa8b0a675f498fd38e355f95ffd6f34839a3e279e3ce58b8
                                                                                  • Opcode Fuzzy Hash: 1e1ebbd2596e796659a365ff710677ee0d78a079d6b67fc0678fadb0c843e369
                                                                                  • Instruction Fuzzy Hash: 70225DB4A083019BD700AF65D64435FBBE1AB84344F01C87FE989AB3C2D77C9955DB8A

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  APIs
                                                                                    • Part of subcall function 00405D30: GetModuleHandleA.KERNEL32(?,004013C7), ref: 00405D4D
                                                                                  • strstr.MSVCRT ref: 0040140E
                                                                                  • CreateWindowExA.USER32 ref: 004014B1
                                                                                  • SetTimer.USER32 ref: 004014FA
                                                                                  • GetMessageA.USER32 ref: 00401572
                                                                                    • Part of subcall function 00401ED0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401ED7
                                                                                    • Part of subcall function 00401ED0: puts.MSVCRT ref: 00401F11
                                                                                    • Part of subcall function 00401ED0: ShellExecuteA.SHELL32 ref: 00401F5A
                                                                                  • memset.MSVCRT ref: 00401873
                                                                                  • ShowWindow.USER32 ref: 0040189A
                                                                                  • SetForegroundWindow.USER32 ref: 004018A5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$CreateErrorExecuteForegroundHandleLastMessageModuleShellShowTimermemsetputsstrstr
                                                                                  • String ID: --l4j-dont-wait$--l4j-no-splash$--l4j-no-splash-err$Exit code:%d$Exit code:%d, restarting the application!$STATIC

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: _setmode$ExceptionExitFilterProcessUnhandled__getmainargs__p__environ__p__fmode_cexit
                                                                                  • String ID:

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: Resource$strlen$strcat$ErrorFindLastLoadLockfprintfmemset$_findnextstrpbrkstrtok$_findclose_findfirstfwritestrcpystrncatstrncpystrrchr
                                                                                  • String ID: " :%s$-Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre$-cla$-jar$-jar$Add classpath:%s$Resource %d:%s$org.develnext.jphp.ext.javafx.FXLauncher$sspa$th "$true

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • memset.MSVCRT ref: 00403D50
                                                                                  • FindResourceExA.KERNEL32(00000003,00412360,?), ref: 00403D73
                                                                                  • LoadResource.KERNEL32(?,?,?,00404A72), ref: 00403D90
                                                                                  • LockResource.KERNEL32(?,?,?,?,?,00404A72), ref: 00403DA3
                                                                                  • memset.MSVCRT ref: 00403DFB
                                                                                  • strcpy.MSVCRT ref: 00403E45
                                                                                  • strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403E7F
                                                                                  • SetLastError.KERNEL32(?,?,?,00404A72), ref: 00403E98
                                                                                  • FindResourceExA.KERNEL32 ref: 00403EF1
                                                                                  • LoadResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403F0E
                                                                                  • LockResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403F1D
                                                                                  • strncpy.MSVCRT ref: 00403F89
                                                                                  • strlen.MSVCRT ref: 00403F95
                                                                                  • strcat.MSVCRT ref: 00403FBA
                                                                                  • fprintf.MSVCRT ref: 00403FD4
                                                                                  • fprintf.MSVCRT ref: 00403FF7
                                                                                  • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00404008
                                                                                  • fprintf.MSVCRT ref: 00404035
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: Resource$fprintf$ErrorFindLastLoadLockmemsetstrcpy$strcatstrlenstrncpy
                                                                                  • String ID: :$Bundled JRE:%s$C:\Users\user\AppData\Roaming\InstallerPDW\jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Resource %d:%s$\$true

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: strlen$Resource$ErrorFindLastLoadLock_close_open_readmemsetstrncpy
                                                                                  • String ID: Loading:%s$Resource %d:%s$ini

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • memset.MSVCRT ref: 0040689C
                                                                                  • memset.MSVCRT ref: 004068BD
                                                                                  • strcat.MSVCRT ref: 004068DA
                                                                                  • strlen.MSVCRT ref: 004068E2
                                                                                  • strcat.MSVCRT ref: 004068FE
                                                                                  • CreateProcessA.KERNEL32 ref: 00406941
                                                                                  • WaitForSingleObject.KERNEL32(?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 00406994
                                                                                  • GetExitCodeProcess.KERNEL32 ref: 004069AC
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 004069BD
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 004069CE
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe, xrefs: 004068C7
                                                                                  • D, xrefs: 004068A1
                                                                                  • -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre, xrefs: 004068F2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseHandleProcessmemsetstrcat$CodeCreateExitObjectSingleWaitstrlen
                                                                                  • String ID: -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$D

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: strlen$ErrorLast_statfprintfmemsetstrcatstrcpy
                                                                                  • String ID: (OK)$(not found)$Check launcher:%s %s$bin\java.exe$bin\javaw.exe

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                    • Part of subcall function 004021A0: FindResourceExA.KERNEL32 ref: 004021DD
                                                                                    • Part of subcall function 004021A0: LoadResource.KERNEL32 ref: 004021FA
                                                                                    • Part of subcall function 004021A0: LockResource.KERNEL32 ref: 00402209
                                                                                    • Part of subcall function 004021A0: fprintf.MSVCRT ref: 00402253
                                                                                  • strstr.MSVCRT ref: 0040140E
                                                                                  • CreateWindowExA.USER32 ref: 004014B1
                                                                                  • SetTimer.USER32 ref: 004014FA
                                                                                  • TranslateMessage.USER32 ref: 0040154A
                                                                                  • DispatchMessageA.USER32 ref: 00401555
                                                                                  • GetMessageA.USER32 ref: 00401572
                                                                                  • fprintf.MSVCRT ref: 004015AB
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageResource$fprintf$CreateDispatchFindLoadLockTimerTranslateWindowstrstr
                                                                                  • String ID: --l4j-no-splash$Exit code:%d, restarting the application!$STATIC
                                                                                  • API String ID: 2241055113-1185063601

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: _setmode$ExitProcess__p__environ__p__fmode_cexit
                                                                                  • String ID:
                                                                                  • API String ID: 2747451157-0

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 580 406a10-406a40 call 406c70 call 406c00 GetCommandLineA GetStartupInfoA 585 406a42 580->585 586 406a48-406a5b 580->586 587 406ae6-406afe GetModuleHandleA 585->587 588 406a47 586->588 589 406a5d-406a60 586->589 590 406b00 587->590 591 406b04-406b21 call 4013b0 587->591 588->586 592 406aa0-406ab3 589->592 593 406a62-406a72 589->593 590->591 592->592 597 406ab5-406ab8 592->597 595 406ac0-406acc 593->595 596 406a74-406a7a 593->596 602 406ae0-406ae4 595->602 599 406a80-406a82 596->599 600 406b22-406b26 597->600 601 406aba 597->601 599->595 604 406a84-406a98 599->604 600->595 601->595 602->587 603 406ad0-406add 602->603 603->602 604->599 605 406a9a 604->605 605->595
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: CommandHandleInfoLineModuleStartup
                                                                                  • String ID:
                                                                                  • API String ID: 1628297973-0

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 606 406a9c 607 406aa0-406ab3 606->607 607->607 608 406ab5-406ab8 607->608 609 406b22-406b26 608->609 610 406aba 608->610 611 406ac0-406acc 609->611 610->611 612 406ae0-406ae4 611->612 613 406ad0-406add 612->613 614 406ae6-406afe GetModuleHandleA 612->614 613->612 615 406b00 614->615 616 406b04-406b21 call 4013b0 614->616 615->616
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: HandleModule
                                                                                  • String ID:
                                                                                  • API String ID: 4139908857-0

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 619 406ace 620 406ad0-406ae4 619->620 622 406ae6-406afe GetModuleHandleA 620->622 623 406b00 622->623 624 406b04-406b21 call 4013b0 622->624 623->624
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: HandleModule
                                                                                  • String ID:
                                                                                  • API String ID: 4139908857-0

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 627 401290-4012a3 __set_app_type call 401150 629 4012a8-4012a9 627->629
                                                                                  APIs
                                                                                  • __set_app_type.MSVCRT ref: 0040129D
                                                                                    • Part of subcall function 00401150: SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,004012A8), ref: 00401161
                                                                                    • Part of subcall function 00401150: __getmainargs.MSVCRT ref: 0040119A
                                                                                    • Part of subcall function 00401150: _setmode.MSVCRT ref: 004011D5
                                                                                    • Part of subcall function 00401150: _setmode.MSVCRT ref: 004011FB
                                                                                    • Part of subcall function 00401150: __p__fmode.MSVCRT ref: 00401200
                                                                                    • Part of subcall function 00401150: __p__environ.MSVCRT ref: 00401215
                                                                                    • Part of subcall function 00401150: _cexit.MSVCRT ref: 00401239
                                                                                    • Part of subcall function 00401150: ExitProcess.KERNEL32 ref: 00401241
                                                                                  Similarity
                                                                                  • API ID: _setmode$ExceptionExitFilterProcessUnhandled__getmainargs__p__environ__p__fmode__set_app_type_cexit
                                                                                  • String ID:
                                                                                  • API String ID: 250851222-0
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401ED7
                                                                                  • puts.MSVCRT ref: 00401F11
                                                                                  • ShellExecuteA.SHELL32 ref: 00401F5A
                                                                                  • printf.MSVCRT ref: 00401F89
                                                                                  • fclose.MSVCRT ref: 00401F93
                                                                                  • MessageBoxA.USER32 ref: 00401FBF
                                                                                  • FormatMessageA.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401FFD
                                                                                  • strlen.MSVCRT ref: 0040201F
                                                                                  • strcat.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 00402040
                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 0040204B
                                                                                  • fprintf.MSVCRT ref: 0040206D
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Message$ErrorExecuteFormatFreeLastLocalShellfclosefprintfprintfputsstrcatstrlen
                                                                                  • String ID: An error occurred while starting the application.$Error msg:%s$Error:%s$Open URL:%s$open
                                                                                  • API String ID: 1449747937-1100426463
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Resource$FindLoadLockstrlen$strcat$ErrorLastfprintf
                                                                                  • String ID: - $-bit$1.8.0$1.8.0$An error occurred while starting the application.$Resource %d:%s
                                                                                  • API String ID: 484976878-253376002
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: strcpy$memsetstrcmpstrlen$fprintfstrcat$EnumOpenstrchrstrncpy
                                                                                  • String ID: %s-bit search:%s...$1.8.0$Check:%s$Ignore:%s$Match:%s
                                                                                  • API String ID: 972160396-125968938
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: strcat$strncat$memsetstrchr$CurrentDirectoryEnvironmentVariablestrlenstrstr
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\jre$EXEDIR$EXEFILE$HKEY$JREHOMEDIR$OLDPWD$PWD$Substitute:%s = %s
                                                                                  • API String ID: 3324974479-3985667338
                                                                                  • Opcode ID: 6614e760f1d2ee19f4b253176852c44bfd1491407e5a90ce63a812219ddd9ebb
                                                                                  • Instruction ID: ed202c75566bdcf25b9861d036979bf7c043f81e68319857b6959b64db836d4b
                                                                                  • Opcode Fuzzy Hash: 6614e760f1d2ee19f4b253176852c44bfd1491407e5a90ce63a812219ddd9ebb
                                                                                  • Instruction Fuzzy Hash: 80711C759043159BCB54DF25C88025ABBE5FF84314F41C8BEE98DA7381DB389E85CB8A
                                                                                  APIs
                                                                                  Strings
                                                                                  • Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB, xrefs: 00403688
                                                                                  • Heap limit:Reduced %d MB heap size to 32-bit maximum %d MB, xrefs: 004036B0
                                                                                  • Resource %d:%s, xrefs: 004034A3, 00403563
                                                                                  Similarity
                                                                                  • API ID: Resource$FindLoadLockatoifprintfstrlen$ErrorLast_itoastrcat
                                                                                  • String ID: Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB$Heap limit:Reduced %d MB heap size to 32-bit maximum %d MB$Resource %d:%s
                                                                                  • API String ID: 1284713559-335395982
                                                                                  • Opcode ID: 49b52521ad4b28281b4610723bdc3fecec1105f7fc221ab9df715c009cf8496d
                                                                                  • Instruction ID: 556c7044ae09a008ffae0a8d9fc69ada731a51744f4509117c473fc4c8ef08ad
                                                                                  • Opcode Fuzzy Hash: 49b52521ad4b28281b4610723bdc3fecec1105f7fc221ab9df715c009cf8496d
                                                                                  • Instruction Fuzzy Hash: CC916FB19083159BDB14EF69C58025FBBF5BF88304F05883EE889AB391D738D915CB86
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: strstr$fprintfmemset$EnvironmentVariablefopenstrlenstrncpy
                                                                                  • String ID: Version:%s$--l4j-debug$--l4j-debug-all$3.9$CmdLine:%s %s$debug$debug-all$j.lo$nch4
                                                                                  • API String ID: 1991431792-3923029096
                                                                                  • Opcode ID: a285fad08061a693a5248468f59be63a75b3341ece323a7797179705ea493636
                                                                                  • Instruction ID: 60ffc86f505bfdbbbba3efb310094abc59b8358325a5033e9b193ab27e218064
                                                                                  • Opcode Fuzzy Hash: a285fad08061a693a5248468f59be63a75b3341ece323a7797179705ea493636
                                                                                  • Instruction Fuzzy Hash: AA411DB49083059BC710AF6AC58056EFBE5EF84754F01C83FE989AB391D738D851DB8A
                                                                                  APIs
                                                                                  Strings
                                                                                  • --l4j-, xrefs: 00405C50, 00405C8E
                                                                                  • -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre, xrefs: 00405C13, 00405C2F, 00405CAE, 00405CCA
                                                                                  • Resource %d:%s, xrefs: 00405D11
                                                                                  Similarity
                                                                                  • API ID: Resource$strcatstrlenstrstr$ErrorFindLastLoadLockmemsetstrchrstrcpy
                                                                                  • String ID: --l4j-$-Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre$Resource %d:%s
                                                                                  • API String ID: 782867121-196463637
                                                                                  • Opcode ID: ac6294b31dbabfa38df6261dad10e70e22e75e7ae9a4ecf5308ff82ecc24c60d
                                                                                  • Instruction ID: d40fd4806269129820aebf3143e2994a5f350a870bc7b93ef3ae692e42a163e9
                                                                                  • Opcode Fuzzy Hash: ac6294b31dbabfa38df6261dad10e70e22e75e7ae9a4ecf5308ff82ecc24c60d
                                                                                  • Instruction Fuzzy Hash: E6414DB0908B019AE714AF29C54432BBAE5EF45704F01C87FE589A73C2D73D88958F9B
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: strstr$Open$CloseQueryValuestrchrstrrchr
                                                                                  • String ID: HKEY$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS
                                                                                  • API String ID: 356245303-4236897492
                                                                                  • Opcode ID: a1b4684ee25663612e490b4be978381a64ee457d4bbee82a063a929b877f78fc
                                                                                  • Instruction ID: 2ae7df6790b6f1853f37995f78c893f74154cd1711da3b843cecc37fcb260c67
                                                                                  • Opcode Fuzzy Hash: a1b4684ee25663612e490b4be978381a64ee457d4bbee82a063a929b877f78fc
                                                                                  • Instruction Fuzzy Hash: 2B414FB5D087069BDB00EF69C98425EFBE1BF84314F05883FE988A7381D77899448B96
                                                                                  APIs
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW, xrefs: 00403BCC
                                                                                  • Working dir:%s, xrefs: 00403CBF
                                                                                  • Resource %d:%s, xrefs: 00403CFD
                                                                                  Similarity
                                                                                  • API ID: Resource$fprintfmemset$CurrentDirectoryErrorFindLastLoadLock_chdirstrcatstrlenstrncpy
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW$Resource %d:%s$Working dir:%s
                                                                                  • API String ID: 422477114-2531277691
                                                                                  • Opcode ID: 9c9ccb99f420a877555200c07f2862f7891259c708e168cf86730445fea71b0e
                                                                                  • Instruction ID: 349f221890d6d40fe71c0e96cafd37487ebf52b12bf3dfd57c186abffd885e97
                                                                                  • Opcode Fuzzy Hash: 9c9ccb99f420a877555200c07f2862f7891259c708e168cf86730445fea71b0e
                                                                                  • Instruction Fuzzy Hash: B1416BB19087119BE700AF29D58135EBFE4EF84344F01883EE989A7381D7389994CB8A
                                                                                  APIs
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe, xrefs: 004041A5
                                                                                  • Runtime used:%s (%s-bit), xrefs: 004041DF
                                                                                  • 1.8.0, xrefs: 00404051
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW\jre, xrefs: 004041AC
                                                                                  • Resource %d:%s, xrefs: 0040428D
                                                                                  Similarity
                                                                                  • API ID: Resource$FindLoadLockatoifprintfstrcpy
                                                                                  • String ID: 1.8.0$C:\Users\user\AppData\Roaming\InstallerPDW\jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Resource %d:%s$Runtime used:%s (%s-bit)
                                                                                  • API String ID: 1856142485-2890160268
                                                                                  • Opcode ID: d297cc4e5c952a856f3d68dfdf06d37a651345b527a0279046be52caef7b7906
                                                                                  • Instruction ID: 209fe916da85df5c911ae4276ce2f96064c2a1019c36ad74d5d97ab76ae223e1
                                                                                  • Opcode Fuzzy Hash: d297cc4e5c952a856f3d68dfdf06d37a651345b527a0279046be52caef7b7906
                                                                                  • Instruction Fuzzy Hash: A8513AB0A083059BD704AF65D54436EBBE1ABC4304F01C87EE989AB3D2D77D9C919B4A
                                                                                  APIs
                                                                                  • memset.MSVCRT ref: 00405211
                                                                                  • memset.MSVCRT ref: 00405228
                                                                                  • FindResourceExA.KERNEL32(?,00000000,?), ref: 00405250
                                                                                  • LoadResource.KERNEL32(?,?,?,00406514), ref: 0040526D
                                                                                  • LockResource.KERNEL32(?,?,?,?,?,00406514), ref: 0040527C
                                                                                  • fprintf.MSVCRT ref: 004052C8
                                                                                  • SetEnvironmentVariableA.KERNEL32 ref: 004052EC
                                                                                  • strtok.MSVCRT(?,?,?,?,00406514), ref: 004052FF
                                                                                  • strchr.MSVCRT ref: 00405316
                                                                                  • fprintf.MSVCRT ref: 0040535A
                                                                                  • SetLastError.KERNEL32(?,?,?,00406514), ref: 00405373
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Resource$fprintfmemset$EnvironmentErrorFindLastLoadLockVariablestrchrstrtok
                                                                                  • String ID: Resource %d:%s$Set var:%s = %s
                                                                                  • API String ID: 301265589-2172967655
                                                                                  • Opcode ID: 269e6b674d12423d849caec9e5e778c3ff3d2c18b953fcfb33869b71bd7f8dc3
                                                                                  • Instruction ID: afa5dd9bf5237a591f145b88366e3ef618c797e9271656589243b0a106b18b75
                                                                                  • Opcode Fuzzy Hash: 269e6b674d12423d849caec9e5e778c3ff3d2c18b953fcfb33869b71bd7f8dc3
                                                                                  • Instruction Fuzzy Hash: DA4138B0A087019BD710AF2AD58035FBBE4EF88340F41C87EE489A7391D738D9559F9A
                                                                                  APIs
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe, xrefs: 004050F1
                                                                                  • appendToPathVar failed., xrefs: 00405186
                                                                                  • Error:%s, xrefs: 0040518B
                                                                                  Similarity
                                                                                  • API ID: strlen$EnvironmentVariablememset$fprintfstrcatstrcpy
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Error:%s$appendToPathVar failed.
                                                                                  • API String ID: 495583820-307720113
                                                                                  • Opcode ID: 1bd0987b0e2fc78d473a59205c3eea85c459be8ceac31c8754d4a8f2c5af2878
                                                                                  • Instruction ID: f6e45bb88e98a1b81569ded4109919bd0ed7862b498e3da174d31cb25c7df640
                                                                                  • Opcode Fuzzy Hash: 1bd0987b0e2fc78d473a59205c3eea85c459be8ceac31c8754d4a8f2c5af2878
                                                                                  • Instruction Fuzzy Hash: 232161B5A087109AD710AF2AD44016FBBE5EFC4704F42C43FE489AB391D73C88528B8A
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Resource$ErrorLastfprintf$CreateFindLoadLockMutexmemset
                                                                                  • String ID: Error:%s$Instance already exists.$Resource %d:%s
                                                                                  • API String ID: 1676011544-3441027790
                                                                                  Similarity
                                                                                  • API ID: memset$CloseOpenQueryValuestrcatstrcpystrlen
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$JavaHome$jre
                                                                                  • API String ID: 2991842512-457368712
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe, xrefs: 004041A5
                                                                                  • Runtime used:%s (%s-bit), xrefs: 004041DF
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW\jre, xrefs: 004041AC
                                                                                  Similarity
                                                                                  • API ID: Resource$fprintf$ErrorFindLastLoadLockatoistrcpy
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Runtime used:%s (%s-bit)
                                                                                  • API String ID: 440416407-2898645827
                                                                                  Similarity
                                                                                  • API ID: CloseQueryValuememsetstrcatstrcpystrlen
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$JavaHome$jre
                                                                                  • API String ID: 2049115317-457368712
                                                                                  Similarity
                                                                                  • API ID: Resource$FindLoadLockatoifprintf
                                                                                  • String ID: Resource %d:%s$`O@
                                                                                  • API String ID: 2193512306-2494596910
                                                                                  Similarity
                                                                                  • API ID: Resource$atoi$ErrorFindLastLoadLockfprintf
                                                                                  • String ID: Resource %d:%s
                                                                                  • API String ID: 1405122715-3770364717
                                                                                  Similarity
                                                                                  • API ID: Resource$ErrorFindLastLoadLockfprintf
                                                                                  • String ID: Resource %d:%s$true
                                                                                  • API String ID: 2300709556-1650570159
                                                                                  Similarity
                                                                                  • API ID: AddressCurrentHandleModuleProcProcessfprintf
                                                                                  • String ID: IsWow64Process$WOW64:%s$yes
                                                                                  • API String ID: 24026888-2072328098
                                                                                  Similarity
                                                                                  • API ID: AddressCurrentHandleModuleProcProcessfprintf
                                                                                  • String ID: IsWow64Process$WOW64:%s$yes
                                                                                  • API String ID: 24026888-2072328098
                                                                                  Strings
                                                                                  • --l4j-, xrefs: 00405C50, 00405C8E
                                                                                  • -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre, xrefs: 00405CAE, 00405CCA
                                                                                  Similarity
                                                                                  • API ID: strstr$ErrorLaststrcatstrchrstrcpystrlen
                                                                                  • String ID: --l4j-$-Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre
                                                                                  • API String ID: 1304447673-1914445181
                                                                                  Similarity
                                                                                  • API ID: KillMessagePostQuitTimer$CodeEnumExitProcessShowWindowWindows
                                                                                  • String ID:
                                                                                  • API String ID: 1905518172-0
                                                                                  • Opcode ID: ed7f04139cc10e99910bf818abc7fe4566fa36b293454e2dcc1566a67e520c2f
                                                                                  • Instruction ID: 4aa06db3ae75fa459c5dc857b340d842a3fba66811b007700aa9ab28a47e10bc
                                                                                  • Opcode Fuzzy Hash: ed7f04139cc10e99910bf818abc7fe4566fa36b293454e2dcc1566a67e520c2f
                                                                                  • Instruction Fuzzy Hash: 75216F71B053048BC714EF39EA4571A77E1AB80348F00853EE885A73A0D739E915DB9B
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: Resource$ErrorFindLastLoadLockfprintf
                                                                                  • String ID: Resource %d:%s
                                                                                  • API String ID: 2300709556-3770364717
                                                                                  APIs
                                                                                  Strings
                                                                                  • Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB, xrefs: 00403688
                                                                                  Similarity
                                                                                  • API ID: strlen$_itoafprintfstrcat
                                                                                  • String ID: Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB
                                                                                  • API String ID: 309510014-1709647519
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: fopenmemsetstrlenstrncpy
                                                                                  • String ID: j.lo$nch4
                                                                                  • API String ID: 80595551-1605737849
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: signal
                                                                                  • String ID:
                                                                                  • API String ID: 1946981877-0
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: EnvironmentVariablestrlen$memsetstrcat
                                                                                  • String ID:
                                                                                  • API String ID: 2108680700-0
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: strcatstrlen
                                                                                  • String ID: bin\java.exe$bin\javaw.exe
                                                                                  • API String ID: 1179760717-2770878578
                                                                                  APIs
                                                                                  • SetEnvironmentVariableA.KERNEL32 ref: 004052EC
                                                                                  • strtok.MSVCRT(?,?,?,?,00406514), ref: 004052FF
                                                                                  • strchr.MSVCRT ref: 00405316
                                                                                    • Part of subcall function 00403100: memset.MSVCRT ref: 00403136
                                                                                    • Part of subcall function 00403100: memset.MSVCRT ref: 00403151
                                                                                    • Part of subcall function 00403100: strchr.MSVCRT ref: 0040316C
                                                                                    • Part of subcall function 00403100: strchr.MSVCRT ref: 0040318A
                                                                                    • Part of subcall function 00403100: strncat.MSVCRT ref: 004031AF
                                                                                    • Part of subcall function 00403100: strncat.MSVCRT ref: 004031D5
                                                                                    • Part of subcall function 00403100: strlen.MSVCRT ref: 004031EB
                                                                                    • Part of subcall function 00403100: strstr.MSVCRT ref: 0040327E
                                                                                  • fprintf.MSVCRT ref: 0040535A
                                                                                  • SetLastError.KERNEL32(?,?,?,00406514), ref: 00405373
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: strchr$memsetstrncat$EnvironmentErrorLastVariablefprintfstrlenstrstrstrtok
                                                                                  • String ID: Set var:%s = %s
                                                                                  • API String ID: 3263537496-1184643595
                                                                                  APIs
                                                                                  • FormatMessageA.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401FFD
                                                                                  • strlen.MSVCRT ref: 0040201F
                                                                                  • strcat.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 00402040
                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 0040204B
                                                                                  • fprintf.MSVCRT ref: 004020A9
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: FormatFreeLocalMessagefprintfstrcatstrlen
                                                                                  • String ID: An error occurred while starting the application.
                                                                                  • API String ID: 863393273-2110520379
                                                                                  APIs
                                                                                  • memset.MSVCRT ref: 004012F4
                                                                                    • Part of subcall function 004020C0: FindResourceExA.KERNEL32(?,?,?,00401888), ref: 004020EF
                                                                                    • Part of subcall function 004020C0: LoadResource.KERNEL32 ref: 00402108
                                                                                    • Part of subcall function 004020C0: LockResource.KERNEL32 ref: 00402117
                                                                                  • FindWindowExA.USER32 ref: 0040132A
                                                                                  • GetWindowTextA.USER32 ref: 00401350
                                                                                  • strstr.MSVCRT ref: 0040135F
                                                                                  • FindWindowExA.USER32 ref: 0040137F
                                                                                  Similarity
                                                                                  • API ID: FindResourceWindow$LoadLockTextmemsetstrstr
                                                                                  • String ID:
                                                                                  • API String ID: 1871962372-0
                                                                                  APIs
                                                                                  Strings
                                                                                  • Runtime used:%s (%s-bit), xrefs: 00402FC4
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW\jre, xrefs: 00402F90
                                                                                  Similarity
                                                                                  • API ID: fprintfstrcpy
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$Runtime used:%s (%s-bit)
                                                                                  • API String ID: 1458319006-3850472854
                                                                                  APIs
                                                                                  Strings
                                                                                  • Runtime used:%s (%s-bit), xrefs: 00402FC4
                                                                                  • C:\Users\user\AppData\Roaming\InstallerPDW\jre, xrefs: 00402F90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: fprintfstrcpy
                                                                                  • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$Runtime used:%s (%s-bit)
                                                                                  • API String ID: 1458319006-3850472854
                                                                                  • Opcode ID: e34a0cca9953dcd10a531016e5b932c1cff74b83191ca0bd0e7937265830d13f
                                                                                  • Instruction ID: 2e410cda6b073cc25c187766190d21a1da9afde98849d5476af63c368e3af956
                                                                                  • Opcode Fuzzy Hash: e34a0cca9953dcd10a531016e5b932c1cff74b83191ca0bd0e7937265830d13f
                                                                                  • Instruction Fuzzy Hash: 602181719043059BD7149F15C64439BB7A5EB80348F01C87EE8887B3C6C7BD9C519B89
                                                                                  APIs
                                                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 00403717
                                                                                    • Part of subcall function 004033F0: FindResourceExA.KERNEL32 ref: 00403440
                                                                                    • Part of subcall function 004033F0: LoadResource.KERNEL32 ref: 0040345C
                                                                                    • Part of subcall function 004033F0: LockResource.KERNEL32 ref: 0040346B
                                                                                    • Part of subcall function 004033F0: fprintf.MSVCRT ref: 004034B3
                                                                                    • Part of subcall function 004033F0: atoi.MSVCRT ref: 004034C3
                                                                                    • Part of subcall function 004033F0: FindResourceExA.KERNEL32 ref: 004034FE
                                                                                    • Part of subcall function 004033F0: LoadResource.KERNEL32 ref: 0040351B
                                                                                    • Part of subcall function 004033F0: LockResource.KERNEL32 ref: 0040352A
                                                                                    • Part of subcall function 004033F0: fprintf.MSVCRT ref: 00403573
                                                                                    • Part of subcall function 004033F0: atoi.MSVCRT ref: 00403583
                                                                                    • Part of subcall function 004033F0: strcat.MSVCRT(?), ref: 0040361A
                                                                                    • Part of subcall function 004033F0: strlen.MSVCRT ref: 00403622
                                                                                    • Part of subcall function 004033F0: _itoa.MSVCRT ref: 00403639
                                                                                    • Part of subcall function 004033F0: strlen.MSVCRT ref: 00403641
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: Resource$FindLoadLockatoifprintfstrlen$GlobalMemoryStatus_itoastrcat
                                                                                  • String ID: -Xms$-Xmx$@
                                                                                  • API String ID: 2157757142-2676391021
                                                                                  • Opcode ID: dff8b46c210c447c65d657b453adb865e188cc97235aba00eb8c1e73047c40b0
                                                                                  • Instruction ID: 0838842f76f9e4a7ac68c74f3cf3971a36c87926e8153908363a189b489a0147
                                                                                  • Opcode Fuzzy Hash: dff8b46c210c447c65d657b453adb865e188cc97235aba00eb8c1e73047c40b0
                                                                                  • Instruction Fuzzy Hash: 1D01D7B09097099FC704DF69E18154EBBF1EF88304F10883EF489A7385D738D9449B46
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: CodeEnumExitKillMessagePostProcessQuitTimerWindows
                                                                                  • String ID:
                                                                                  • API String ID: 405088690-0
                                                                                  • Opcode ID: 9d36f53bfc2b48dcf375a5f439baa85ef358b269035d827499970f5c7433ee0c
                                                                                  • Instruction ID: 4530f2aae7447fe0df29e6f37fc7dc1219e95ab942fdeb78a325eac38ac8bd41
                                                                                  • Opcode Fuzzy Hash: 9d36f53bfc2b48dcf375a5f439baa85ef358b269035d827499970f5c7433ee0c
                                                                                  • Instruction Fuzzy Hash: 87F05EB59093008BC300BF34DA052197AE0AB40348F018A3FE8C5A33D1D77C9558EB9B
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: HandleModule
                                                                                  • String ID: Laun$ch4j
                                                                                  • API String ID: 4139908857-52159806
                                                                                  • Opcode ID: ba5704b0daeddb5bd746fd9b5eed543a5f99ab6f6a48090e1268a62a4232c58d
                                                                                  • Instruction ID: 3efb9f204aa9b6cf598ae448a7fd9fa3256bf58a8a3bede9923b47c04f3ea8c0
                                                                                  • Opcode Fuzzy Hash: ba5704b0daeddb5bd746fd9b5eed543a5f99ab6f6a48090e1268a62a4232c58d
                                                                                  • Instruction Fuzzy Hash: 30F01CB0A042058BD708EF3EEE053963AE2A784300F04C27ED409CB3B5EBB484618B8D
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.2301559991.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000003.00000002.2301522306.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301616155.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301643290.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 00000003.00000002.2301704772.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_400000_install.jbxd
                                                                                  Similarity
                                                                                  • API ID: strlen$strchrstrncpy
                                                                                  • String ID:
                                                                                  • API String ID: 4793283-0
                                                                                  • Opcode ID: c717c3167b26713e1d36be612c62a11c9a96452fabd6d96aff045e23f77e9a9b
                                                                                  • Instruction ID: 1041cfa0432d9ad742072a7b848d71ebc1d8de872eff087a6a568f2cbe167894
                                                                                  • Opcode Fuzzy Hash: c717c3167b26713e1d36be612c62a11c9a96452fabd6d96aff045e23f77e9a9b
                                                                                  • Instruction Fuzzy Hash: 0E11D3B8D04728ABCB009F55C5841AEFBB1EF48310F1684AAE8547B381C779AA41CBC6

                                                                                  Execution Graph

                                                                                  Execution Coverage:1.6%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:2.7%
                                                                                  Total number of Nodes:1389
                                                                                  Total number of Limit Nodes:153
60275->60276 60277 973b0d QueryPerformanceCounter 60275->60277 60276->60025 60277->60025 60278->60042 60279->60044 60280->60044 60281->60048 60283 97444f InitCommonControlsEx 60282->60283 60284 97398b 60283->60284 60285 978bb6 __wgetenv 99 API calls 60284->60285 60286 973997 60285->60286 60287 973452 60286->60287 60288 973971 99 API calls 60286->60288 60287->60125 60288->60287 60289->60128 60290->60130 60291->60132 60292->60134 60293->60136 60294->60138 60295->60140 60296->60142 60297->60144 60298->60146 60299->60159 60300->60168 60301->60165 60302->60160 60303->60171 60304->60173 60305->60179 60306->60185 60307->60187 60308->60191 60309->60193 60426 973a4e GetModuleFileNameA 60310->60426 60312 9747e5 60313 97489a RegOpenKeyExA 60312->60313 60316 973b5d 102 API calls 60312->60316 60314 9748f0 60313->60314 60315 9748be 60313->60315 60497 973a87 RegQueryValueExA RegQueryValueExA 60314->60497 60495 973ba3 105 API calls 5 library calls 60315->60495 60317 974807 60316->60317 60428 97a3a5 60317->60428 60321 974909 60324 974910 60321->60324 60332 974928 __tzset_nolock 60321->60332 60322 9748c9 60496 973ba3 105 API calls 5 library calls 60322->60496 60323 974817 60325 974832 _strlen 60323->60325 60326 97481f 60323->60326 60498 973ba3 105 API calls 5 library calls 60324->60498 60333 974855 60325->60333 60334 974843 60325->60334 60329 973971 99 API calls 60326->60329 60330 974829 60329->60330 60335 9796e8 ___crtMessageBoxW 5 API calls 60330->60335 60338 974940 60332->60338 60339 97495d RegOpenKeyExA 60332->60339 60340 973b5d 102 API calls 60333->60340 60337 973971 99 API calls 60334->60337 60336 9748e8 60335->60336 60336->60202 60337->60330 60499 973ba3 105 API calls 5 library calls 60338->60499 60341 974974 60339->60341 60342 97498b 60339->60342 60343 974868 60340->60343 60500 973ba3 105 API calls 5 library calls 60341->60500 60501 973a87 RegQueryValueExA RegQueryValueExA 60342->60501 60344 97a3a5 __stat64i32 139 API calls 60343->60344 60348 974878 60344->60348 60348->60313 
60351 97487f 60348->60351 60349 97491b RegCloseKey 60349->60322 60350 9749a1 60355 9749d2 60350->60355 60502 973ba3 105 API calls 5 library calls 60350->60502 60356 973971 99 API calls 60351->60356 60353 9749ba RegCloseKey RegCloseKey 60353->60355 60354 974a1f RegCloseKey RegCloseKey 60358 973971 99 API calls 60354->60358 60355->60354 60503 973a87 RegQueryValueExA RegQueryValueExA 60355->60503 60356->60330 60360 974a3c 60358->60360 60359 9749f1 60361 974a02 60359->60361 60504 978a72 104 API calls 5 library calls 60359->60504 60505 978a72 104 API calls 5 library calls 60361->60505 60364 974a1c 60364->60354 60366 973b67 60365->60366 60368 973b82 60365->60368 60366->60368 60737 97a9c0 102 API calls __vsnprintf_l 60366->60737 60368->60202 60370 972fc3 60369->60370 60371 972fcc 60370->60371 60373 973ad9 2 API calls 60370->60373 60738 979f5a 60371->60738 60373->60371 60375 972fe6 60377 973003 60375->60377 60773 973ba3 105 API calls 5 library calls 60375->60773 60376 97300b 60741 979d66 60376->60741 60382 9796e8 ___crtMessageBoxW 5 API calls 60377->60382 60380 972ffa 60384 978a0a 66 API calls 60380->60384 60381 9732e4 60760 979c59 60381->60760 60385 973331 60382->60385 60384->60377 60385->60202 60386 979d66 _fgets 81 API calls 60389 97301a _strspn _memmove _strlen _strcspn 60386->60389 60387 973ba3 105 API calls 60387->60389 60388 9732ed 60388->60377 60390 973ad9 2 API calls 60388->60390 60389->60381 60389->60386 60389->60387 60392 973904 97 API calls 60389->60392 60394 973971 99 API calls 60389->60394 60395 97394b 97 API calls 60389->60395 60391 973305 60390->60391 60774 978a72 104 API calls 5 library calls 60391->60774 60392->60389 60394->60389 60395->60389 60397 978bb6 __wgetenv 99 API calls 60396->60397 60398 972329 60397->60398 60399 973904 97 API calls 60398->60399 60401 972340 __tzset_nolock 60399->60401 60400 97246a 60402 973971 99 API calls 60400->60402 60401->60400 60405 97249e 60401->60405 60406 972495 60402->60406 60403 9724ea 60404 972548 60403->60404 60410 
9724f4 60403->60410 60404->60406 61065 973ba3 105 API calls 5 library calls 60404->61065 60405->60403 60405->60406 60408 9724fd 60405->60408 60405->60410 60406->60202 60408->60406 61063 973ba3 105 API calls 5 library calls 60408->61063 60410->60406 61064 973ba3 105 API calls 5 library calls 60410->61064 60412 97250d 60413 978a0a 66 API calls 60412->60413 60413->60406 60416 97475e __mbschr_l 60414->60416 60415 974787 60417 973b5d 102 API calls 60415->60417 60416->60415 60419 974772 60416->60419 60418 974782 60417->60418 60421 97a3a5 __stat64i32 139 API calls 60418->60421 60420 973b5d 102 API calls 60419->60420 60420->60418 60422 9747a3 60421->60422 60423 9796e8 ___crtMessageBoxW 5 API calls 60422->60423 60424 9747b5 60423->60424 60424->60202 60425->60202 60427 973a68 _strrchr 60426->60427 60427->60312 60429 97a3d5 60428->60429 60430 97a3f1 60428->60430 60528 97ab14 66 API calls __getptd_noexit 60429->60528 60430->60429 60432 97a3f5 60430->60432 60506 98469d 60432->60506 60434 97a3da 60529 97ab01 66 API calls __getptd_noexit 60434->60529 60437 97a3e1 60530 97d2d6 11 API calls __wopen 60437->60530 60439 97a43c 60534 984451 68 API calls 4 library calls 60439->60534 60441 97a40b 60532 97ab14 66 API calls __getptd_noexit 60441->60532 60442 97a422 60482 97a406 60442->60482 60533 9845c5 82 API calls __mbctolower_l 60442->60533 60446 97a441 FindFirstFileExA 60447 97a548 60446->60447 60448 97a468 60446->60448 60452 97a5b3 60447->60452 60456 97a560 60447->60456 60450 98469d __stat64i32 76 API calls 60448->60450 60449 97a436 60449->60446 60453 97a479 60450->60453 60451 9796e8 ___crtMessageBoxW 5 API calls 60455 97a7fa 60451->60455 60454 97a5cb FileTimeToLocalFileTime 60452->60454 60457 97a5c3 60452->60457 60453->60482 60535 97a345 75 API calls 2 library calls 60453->60535 60458 97a5e7 FileTimeToSystemTime 60454->60458 60459 97a7d1 GetLastError 60454->60459 60455->60323 60538 9841ca 60456->60538 60467 97a661 FileTimeToLocalFileTime 60457->60467 60469 97a653 60457->60469 
60458->60459 60463 97a603 60458->60463 60566 97ab27 66 API calls 3 library calls 60459->60566 60509 9841ea 60463->60509 60465 97a7dd FindClose 60494 97a3ec 60465->60494 60467->60459 60471 97a67d FileTimeToSystemTime 60467->60471 60468 97a52b 60468->60482 60537 978dd0 66 API calls 2 library calls 60468->60537 60476 97a6f7 FileTimeToLocalFileTime 60469->60476 60480 97a6e9 FindClose 60469->60480 60470 97a590 60541 9835d2 115 API calls 7 library calls 60470->60541 60471->60459 60472 97a699 60471->60472 60475 9841ea ___loctotime64_t 102 API calls 60472->60475 60474 97a59c 60542 982135 60474->60542 60475->60469 60476->60459 60481 97a713 FileTimeToSystemTime 60476->60481 60478 97a498 _IsRootUNCName _strlen 60478->60468 60483 97a4ba GetDriveTypeA 60478->60483 60488 97a77b 60480->60488 60481->60459 60485 97a72f 60481->60485 60531 97ab01 66 API calls __getptd_noexit 60482->60531 60483->60468 60486 97a4c6 60483->60486 60487 9841ea ___loctotime64_t 102 API calls 60485->60487 60489 97a4d9 60486->60489 60536 978dd0 66 API calls 2 library calls 60486->60536 60487->60480 60565 983515 85 API calls ___dtoxmode 60488->60565 60490 9841ea ___loctotime64_t 102 API calls 60489->60490 60493 97a509 60490->60493 60493->60488 60494->60451 60495->60322 60496->60330 60497->60321 60498->60349 60499->60349 60500->60349 60501->60350 60502->60353 60503->60359 60504->60361 60505->60364 60567 9845d8 60506->60567 60508 97a400 60508->60439 60508->60442 60508->60482 60510 984432 60509->60510 60515 984222 60509->60515 60625 97ab01 66 API calls __getptd_noexit 60510->60625 60512 984413 60513 9796e8 ___crtMessageBoxW 5 API calls 60512->60513 60514 98444f 60513->60514 60514->60457 60515->60510 60606 98887b 60515->60606 60517 9842fd 60614 98890b 66 API calls __wopen 60517->60614 60519 984306 60520 984426 60519->60520 60615 988938 66 API calls __wopen 60519->60615 60624 97d284 10 API calls __call_reportfault 60520->60624 60523 984318 60523->60520 60616 988965 60523->60616 60525 98432a 60525->60520 60526 
984333 ___loctotime64_t 60525->60526 60526->60512 60623 9888ca 66 API calls 4 library calls 60526->60623 60528->60434 60529->60437 60530->60494 60531->60441 60532->60494 60533->60449 60534->60446 60535->60478 60536->60489 60537->60482 60668 984106 60538->60668 60540 97a578 60540->60470 60540->60482 60541->60474 60543 982141 __wopen 60542->60543 60544 982149 60543->60544 60545 982164 60543->60545 60709 97ab14 66 API calls __getptd_noexit 60544->60709 60547 982170 60545->60547 60552 9821aa 60545->60552 60711 97ab14 66 API calls __getptd_noexit 60547->60711 60548 98214e 60710 97ab01 66 API calls __getptd_noexit 60548->60710 60551 982175 60712 97ab01 66 API calls __getptd_noexit 60551->60712 60684 9829ee 60552->60684 60555 9821b0 60557 9821ca 60555->60557 60558 9821be 60555->60558 60556 98217d 60713 97d2d6 11 API calls __wopen 60556->60713 60714 97ab01 66 API calls __getptd_noexit 60557->60714 60694 982099 60558->60694 60562 982156 __wopen 60562->60494 60563 9821c4 60715 9821f1 LeaveCriticalSection __unlock_fhandle 60563->60715 60565->60494 60566->60465 60574 97ca70 60567->60574 60571 984615 60583 97d2d6 11 API calls __wopen 60571->60583 60573 9845f7 _strpbrk 60573->60508 60575 97ca83 60574->60575 60576 97cad0 60574->60576 60584 97d50a 60575->60584 60576->60573 60582 97ab01 66 API calls __getptd_noexit 60576->60582 60578 97ca88 60579 97cab0 60578->60579 60589 9851e6 74 API calls 6 library calls 60578->60589 60579->60576 60590 984a65 68 API calls 6 library calls 60579->60590 60582->60571 60583->60573 60591 97d491 GetLastError 60584->60591 60586 97d512 60587 97d51f 60586->60587 60605 978a54 66 API calls 3 library calls 60586->60605 60587->60578 60589->60579 60590->60576 60592 97d34f ___set_flsgetvalue TlsGetValue DecodePointer TlsSetValue 60591->60592 60593 97d4a8 60592->60593 60594 97d4fe SetLastError 60593->60594 60595 97fe3d __calloc_crt 62 API calls 60593->60595 60594->60586 60596 97d4bc 60595->60596 60596->60594 60597 97d4c4 DecodePointer 60596->60597 60598 97d4d9 
60597->60598 60599 97d4f5 60598->60599 60600 97d4dd 60598->60600 60602 978dd0 _free 62 API calls 60599->60602 60601 97d3dd __initptd 62 API calls 60600->60601 60603 97d4e5 GetCurrentThreadId 60601->60603 60604 97d4fb 60602->60604 60603->60594 60604->60594 60607 988887 __wopen 60606->60607 60608 97ceac __lock 66 API calls 60607->60608 60609 9888bb __wopen 60607->60609 60611 988898 60608->60611 60609->60517 60610 9888a9 60656 9888c1 LeaveCriticalSection _doexit 60610->60656 60611->60610 60626 98819a 60611->60626 60614->60519 60615->60523 60617 988971 60616->60617 60618 988986 60616->60618 60666 97ab01 66 API calls __getptd_noexit 60617->60666 60618->60525 60620 988976 60667 97d2d6 11 API calls __wopen 60620->60667 60622 988981 60622->60525 60623->60512 60624->60510 60625->60512 60627 9881a6 __wopen 60626->60627 60628 97ceac __lock 66 API calls 60627->60628 60629 9881c1 __tzset_nolock 60628->60629 60630 988965 __tzset_nolock 66 API calls 60629->60630 60631 9881d6 60630->60631 60632 98829e 60631->60632 60657 98890b 66 API calls __wopen 60631->60657 60663 97d284 10 API calls __call_reportfault 60632->60663 60635 9881e8 60635->60632 60658 988938 66 API calls __wopen 60635->60658 60636 9882be GetTimeZoneInformation 60653 988293 __tzset_nolock 60636->60653 60639 9881fa 60639->60632 60659 9891dc 74 API calls 2 library calls 60639->60659 60641 988325 WideCharToMultiByte 60641->60653 60642 988208 60660 978b2f 99 API calls 3 library calls 60642->60660 60644 98835d WideCharToMultiByte 60644->60653 60646 988261 _strlen 60648 97fdf8 __malloc_crt 66 API calls 60646->60648 60647 9846b4 66 API calls __tzset_nolock 60647->60653 60651 98826f _strlen 60648->60651 60649 98822a __tzset_nolock 60649->60646 60649->60653 60661 978dd0 66 API calls 2 library calls 60649->60661 60651->60653 60662 97ee39 66 API calls __wopen 60651->60662 60653->60632 60653->60636 60653->60641 60653->60644 60653->60647 60654 98848e __wopen __tzset_nolock 60653->60654 60655 98b400 79 API calls __tzset_nolock 
60653->60655 60664 978dd0 66 API calls 2 library calls 60653->60664 60665 98841d LeaveCriticalSection _doexit 60653->60665 60654->60610 60655->60653 60656->60609 60657->60635 60658->60639 60659->60642 60660->60649 60661->60646 60662->60653 60663->60653 60664->60653 60665->60653 60666->60620 60667->60622 60670 984112 __wopen 60668->60670 60669 984125 60681 97ab01 66 API calls __getptd_noexit 60669->60681 60670->60669 60672 98415b __tsopen_nolock 60670->60672 60677 98419c 60672->60677 60673 98412a 60682 97d2d6 11 API calls __wopen 60673->60682 60676 984134 __wopen 60676->60540 60678 9841a1 60677->60678 60680 9841c8 60677->60680 60683 982a8d LeaveCriticalSection 60678->60683 60680->60676 60681->60673 60682->60676 60683->60680 60685 9829fa __wopen 60684->60685 60686 982a54 60685->60686 60688 97ceac __lock 66 API calls 60685->60688 60687 982a59 EnterCriticalSection 60686->60687 60692 982a76 __wopen 60686->60692 60687->60692 60689 982a26 60688->60689 60690 982a42 60689->60690 60691 982a2f InitializeCriticalSectionAndSpinCount 60689->60691 60716 982a84 LeaveCriticalSection _doexit 60690->60716 60691->60690 60692->60555 60717 982985 60694->60717 60696 9820ff 60730 9828ff 67 API calls 2 library calls 60696->60730 60698 9820a9 60698->60696 60699 9820dd 60698->60699 60701 982985 __lseek_nolock 66 API calls 60698->60701 60699->60696 60702 982985 __lseek_nolock 66 API calls 60699->60702 60700 982107 60703 982129 60700->60703 60731 97ab27 66 API calls 3 library calls 60700->60731 60704 9820d4 60701->60704 60705 9820e9 CloseHandle 60702->60705 60703->60563 60707 982985 __lseek_nolock 66 API calls 60704->60707 60705->60696 60708 9820f5 GetLastError 60705->60708 60707->60699 60708->60696 60709->60548 60710->60562 60711->60551 60712->60556 60713->60562 60714->60563 60715->60562 60716->60686 60718 9829aa 60717->60718 60719 982992 60717->60719 60724 9829e9 60718->60724 60734 97ab14 66 API calls __getptd_noexit 60718->60734 60732 97ab14 66 API calls __getptd_noexit 60719->60732 60722 
982997 60733 97ab01 66 API calls __getptd_noexit 60722->60733 60723 9829bb 60735 97ab01 66 API calls __getptd_noexit 60723->60735 60724->60698 60727 98299f 60727->60698 60728 9829c3 60736 97d2d6 11 API calls __wopen 60728->60736 60730->60700 60731->60703 60732->60722 60733->60727 60734->60723 60735->60728 60736->60727 60737->60368 60775 979e9e 60738->60775 60740 972fdd 60740->60375 60740->60376 60743 979d72 __wopen 60741->60743 60742 979d85 60880 97ab01 66 API calls __getptd_noexit 60742->60880 60743->60742 60745 979db6 60743->60745 60750 979d95 __wopen 60745->60750 60854 979b0e 60745->60854 60746 979d8a 60881 97d2d6 11 API calls __wopen 60746->60881 60750->60389 60752 979dd5 60753 979e3a 60752->60753 60889 97ab01 66 API calls __getptd_noexit 60752->60889 60756 979e67 60753->60756 60860 98222a 60753->60860 60891 979e96 LeaveCriticalSection LeaveCriticalSection _vfprintf_helper 60756->60891 60758 979e2f 60890 97d2d6 11 API calls __wopen 60758->60890 60761 979c65 __wopen 60760->60761 60762 979c77 60761->60762 60763 979c8c 60761->60763 61045 97ab01 66 API calls __getptd_noexit 60762->61045 60765 979b0e __lock_file 67 API calls 60763->60765 60770 979c87 __wopen 60763->60770 60767 979ca5 60765->60767 60766 979c7c 61046 97d2d6 11 API calls __wopen 60766->61046 61029 979bec 60767->61029 60770->60388 60773->60380 60774->60377 60778 979eaa __wopen 60775->60778 60776 979ebd 60833 97ab01 66 API calls __getptd_noexit 60776->60833 60778->60776 60780 979eea 60778->60780 60779 979ec2 60834 97d2d6 11 API calls __wopen 60779->60834 60794 9825e3 60780->60794 60783 979eef 60784 979ef6 60783->60784 60785 979f03 60783->60785 60835 97ab01 66 API calls __getptd_noexit 60784->60835 60786 979f2a 60785->60786 60787 979f0a 60785->60787 60811 98234c 60786->60811 60836 97ab01 66 API calls __getptd_noexit 60787->60836 60791 979ecd __wopen @_EH4_CallFilterFunc@8 60791->60740 60795 9825ef __wopen 60794->60795 60796 97ceac __lock 66 API calls 60795->60796 60809 9825fd 60796->60809 60797 982672 
60838 98270d 60797->60838 60798 982679 60800 97fdf8 __malloc_crt 66 API calls 60798->60800 60802 982680 60800->60802 60801 982702 __wopen 60801->60783 60802->60797 60803 98268e InitializeCriticalSectionAndSpinCount 60802->60803 60806 9826ae 60803->60806 60807 9826c1 EnterCriticalSection 60803->60807 60844 978dd0 66 API calls 2 library calls 60806->60844 60807->60797 60809->60797 60809->60798 60841 97cdea 66 API calls 8 library calls 60809->60841 60842 979b4f 67 API calls __lock 60809->60842 60843 979bbd LeaveCriticalSection LeaveCriticalSection _doexit 60809->60843 60812 98236e 60811->60812 60813 982382 60812->60813 60825 982399 60812->60825 60846 97ab01 66 API calls __getptd_noexit 60813->60846 60814 982536 60817 98258a 60814->60817 60818 98259c 60814->60818 60816 982387 60847 97d2d6 11 API calls __wopen 60816->60847 60852 97ab01 66 API calls __getptd_noexit 60817->60852 60821 9841ca __wsopen_s 68 API calls 60818->60821 60823 979f35 60821->60823 60822 98258f 60853 97d2d6 11 API calls __wopen 60822->60853 60837 979f50 LeaveCriticalSection LeaveCriticalSection _vfprintf_helper 60823->60837 60825->60814 60825->60817 60848 9877bb 76 API calls __fassign 60825->60848 60827 982505 60827->60817 60849 987655 85 API calls __mbsnbicmp_l 60827->60849 60829 98252f 60829->60814 60850 987655 85 API calls __mbsnbicmp_l 60829->60850 60831 98254e 60831->60814 60851 987655 85 API calls __mbsnbicmp_l 60831->60851 60833->60779 60834->60791 60835->60791 60836->60791 60837->60791 60845 97cdd3 LeaveCriticalSection 60838->60845 60840 982714 60840->60801 60841->60809 60842->60809 60843->60809 60844->60797 60845->60840 60846->60816 60847->60823 60848->60827 60849->60829 60850->60831 60851->60814 60852->60822 60853->60823 60855 979b42 EnterCriticalSection 60854->60855 60856 979b20 60854->60856 60858 979b38 60855->60858 60856->60855 60857 979b28 60856->60857 60859 97ceac __lock 66 API calls 60857->60859 60858->60753 60882 981fd7 60858->60882 60859->60858 60861 982237 60860->60861 60864 98224c 
60860->60864 60925 97ab01 66 API calls __getptd_noexit 60861->60925 60863 98223c 60926 97d2d6 11 API calls __wopen 60863->60926 60866 982281 60864->60866 60874 982247 60864->60874 60892 986520 60864->60892 60868 981fd7 __filbuf 66 API calls 60866->60868 60869 982295 60868->60869 60895 98735b 60869->60895 60871 98229c 60872 981fd7 __filbuf 66 API calls 60871->60872 60871->60874 60873 9822bf 60872->60873 60873->60874 60875 981fd7 __filbuf 66 API calls 60873->60875 60874->60753 60876 9822cb 60875->60876 60876->60874 60877 981fd7 __filbuf 66 API calls 60876->60877 60878 9822d8 60877->60878 60879 981fd7 __filbuf 66 API calls 60878->60879 60879->60874 60880->60746 60881->60750 60883 981ff8 60882->60883 60884 981fe3 60882->60884 60883->60752 61027 97ab01 66 API calls __getptd_noexit 60884->61027 60886 981fe8 61028 97d2d6 11 API calls __wopen 60886->61028 60888 981ff3 60888->60752 60889->60758 60890->60753 60891->60750 60893 97fdf8 __malloc_crt 66 API calls 60892->60893 60894 986535 60893->60894 60894->60866 60896 987367 __wopen 60895->60896 60897 98738a 60896->60897 60898 98736f 60896->60898 60900 987396 60897->60900 60903 9873d0 60897->60903 60996 97ab14 66 API calls __getptd_noexit 60898->60996 60998 97ab14 66 API calls __getptd_noexit 60900->60998 60901 987374 60997 97ab01 66 API calls __getptd_noexit 60901->60997 60906 9873dd 60903->60906 60907 9873f2 60903->60907 60905 98739b 60999 97ab01 66 API calls __getptd_noexit 60905->60999 61001 97ab14 66 API calls __getptd_noexit 60906->61001 60910 9829ee ___lock_fhandle 68 API calls 60907->60910 60912 9873f8 60910->60912 60911 9873e2 61002 97ab01 66 API calls __getptd_noexit 60911->61002 60914 98741a 60912->60914 60915 987406 60912->60915 61003 97ab01 66 API calls __getptd_noexit 60914->61003 60927 986da4 60915->60927 60917 9873a3 61000 97d2d6 11 API calls __wopen 60917->61000 60920 987412 61005 987449 LeaveCriticalSection __unlock_fhandle 60920->61005 60921 98741f 61004 97ab14 66 API calls __getptd_noexit 60921->61004 60924 
98737c __wopen 60924->60871 60925->60863 60926->60874 60928 986ddb 60927->60928 60929 986dc0 60927->60929 60930 986dea 60928->60930 60932 986e09 60928->60932 61006 97ab14 66 API calls __getptd_noexit 60929->61006 61008 97ab14 66 API calls __getptd_noexit 60930->61008 60936 986e27 60932->60936 60947 986e3b 60932->60947 60934 986dc5 61007 97ab01 66 API calls __getptd_noexit 60934->61007 60935 986def 61009 97ab01 66 API calls __getptd_noexit 60935->61009 61011 97ab14 66 API calls __getptd_noexit 60936->61011 60938 986e91 61013 97ab14 66 API calls __getptd_noexit 60938->61013 60941 986df6 61010 97d2d6 11 API calls __wopen 60941->61010 60943 986e2c 61012 97ab01 66 API calls __getptd_noexit 60943->61012 60945 986e96 61014 97ab01 66 API calls __getptd_noexit 60945->61014 60947->60938 60948 986dcd 60947->60948 60951 986e70 60947->60951 60953 986eaa 60947->60953 60948->60920 60950 986e33 61015 97d2d6 11 API calls __wopen 60950->61015 60951->60938 60956 986e7b ReadFile 60951->60956 60955 97fdf8 __malloc_crt 66 API calls 60953->60955 60957 986ec0 60955->60957 60958 98731e GetLastError 60956->60958 60959 986fa6 60956->60959 60962 986ee8 60957->60962 60963 986eca 60957->60963 60960 98732b 60958->60960 60961 9871a5 60958->60961 60959->60958 60966 986fba 60959->60966 61025 97ab01 66 API calls __getptd_noexit 60960->61025 60991 98712a 60961->60991 61022 97ab27 66 API calls 3 library calls 60961->61022 61018 97affa 68 API calls 3 library calls 60962->61018 61016 97ab01 66 API calls __getptd_noexit 60963->61016 60975 986fd6 60966->60975 60976 9871ea 60966->60976 60966->60991 60968 987330 61026 97ab14 66 API calls __getptd_noexit 60968->61026 60969 986ecf 61017 97ab14 66 API calls __getptd_noexit 60969->61017 60971 986ef6 60971->60956 60977 9870b7 60975->60977 60978 98703a ReadFile 60975->60978 60979 98725f ReadFile 60976->60979 60976->60991 60984 987132 60977->60984 60985 987125 60977->60985 60977->60991 60994 9870ef 60977->60994 60982 987058 GetLastError 60978->60982 60986 987062 
60978->60986 60980 98727e GetLastError 60979->60980 60987 987288 60979->60987 60980->60976 60980->60987 60981 98717b MultiByteToWideChar 60983 98719f GetLastError 60981->60983 60981->60991 60982->60975 60982->60986 60983->60961 60992 987169 60984->60992 60984->60994 61020 97ab01 66 API calls __getptd_noexit 60985->61020 60986->60975 61019 97affa 68 API calls 3 library calls 60986->61019 60987->60976 61024 97affa 68 API calls 3 library calls 60987->61024 60991->60948 61023 978dd0 66 API calls 2 library calls 60991->61023 61021 97affa 68 API calls 3 library calls 60992->61021 60994->60981 60995 987178 60995->60981 60996->60901 60997->60924 60998->60905 60999->60917 61000->60924 61001->60911 61002->60917 61003->60921 61004->60920 61005->60924 61006->60934 61007->60948 61008->60935 61009->60941 61010->60948 61011->60943 61012->60950 61013->60945 61014->60950 61015->60948 61016->60969 61017->60948 61018->60971 61019->60986 61020->60991 61021->60995 61022->60991 61023->60948 61024->60987 61025->60968 61026->60991 61027->60886 61028->60888 61030 979c11 61029->61030 61031 979bfd 61029->61031 61037 979c0d 61030->61037 61048 97ab4a 61030->61048 61058 97ab01 66 API calls __getptd_noexit 61031->61058 61033 979c02 61059 97d2d6 11 API calls __wopen 61033->61059 61047 979cc5 LeaveCriticalSection LeaveCriticalSection _vfprintf_helper 61037->61047 61040 981fd7 __filbuf 66 API calls 61041 979c2b 61040->61041 61042 982135 __close 72 API calls 61041->61042 61043 979c31 61042->61043 61043->61037 61060 978dd0 66 API calls 2 library calls 61043->61060 61045->60766 61046->60770 61047->60770 61049 97ab63 61048->61049 61050 979c1d 61048->61050 61049->61050 61051 981fd7 __filbuf 66 API calls 61049->61051 61054 9821f9 61050->61054 61052 97ab7e 61051->61052 61061 98334a 97 API calls 5 library calls 61052->61061 61055 982209 61054->61055 61056 979c25 61054->61056 61055->61056 61062 978dd0 66 API calls 2 library calls 61055->61062 61056->61040 61058->61033 61059->61037 61060->61037 61061->61050 
61062->61056 61063->60412 61064->60412 61065->60406 61067 974d04 61066->61067 61068 974d52 61066->61068 61069 9747b7 177 API calls 61067->61069 61070 9796e8 ___crtMessageBoxW 5 API calls 61068->61070 61072 974d12 _strlen 61069->61072 61071 974dbe LoadLibraryA 61070->61071 61071->60213 61071->60214 61072->61068 61073 974d48 61072->61073 61075 974d57 61072->61075 61087 973ba3 105 API calls 5 library calls 61073->61087 61076 973971 99 API calls 61075->61076 61077 974d73 61076->61077 61084 97ae7d 61077->61084 61080 974d85 LoadLibraryA 61080->61068 61081 974d93 61080->61081 61088 973ba3 105 API calls 5 library calls 61081->61088 61083->60218 61089 97adfe 61084->61089 61087->61068 61088->61068 61090 97ae25 61089->61090 61091 97ae0b 61089->61091 61090->61091 61093 97ae2e GetFileAttributesA 61090->61093 61107 97ab14 66 API calls __getptd_noexit 61091->61107 61095 97ae52 61093->61095 61096 97ae3c GetLastError 61093->61096 61094 97ae10 61108 97ab01 66 API calls __getptd_noexit 61094->61108 61103 974d7e 61095->61103 61112 97ab14 66 API calls __getptd_noexit 61095->61112 61110 97ab27 66 API calls 3 library calls 61096->61110 61099 97ae17 61109 97d2d6 11 API calls __wopen 61099->61109 61103->61068 61103->61080 61104 97ae65 61113 97ab01 66 API calls __getptd_noexit 61104->61113 61106 97ae48 61111 97ab01 66 API calls __getptd_noexit 61106->61111 61107->61094 61108->61099 61109->61103 61110->61106 61111->61103 61112->61104 61113->61106 61114->60220 61115->60232 61116->60232 61117->60224 61118->60224 61120 978bb6 __wgetenv 99 API calls 61119->61120 61121 971dc1 61120->61121 61122 978bb6 __wgetenv 99 API calls 61121->61122 61123 971dce 61122->61123 61124 971eaa 61123->61124 61158 97557a 179 API calls 61123->61158 61124->60246 61126 971ded 61127 971df7 61126->61127 61128 971e4f 61126->61128 61129 971e06 61127->61129 61159 976124 83 API calls 2 library calls 61127->61159 61164 975511 179 API calls 61128->61164 61136 971e21 61129->61136 61160 976124 83 API calls 2 library calls 

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 464 974dc6-974deb call 973971 call 974cdb LoadLibraryA 469 974df7-974e1c GetProcAddress * 2 464->469 470 974ded-974df5 464->470 472 974e26-974e29 469->472 473 974e1e-974e20 469->473 471 974e2e-974e36 call 973ba3 470->471 477 974e37-974e39 471->477 472->471 473->472 475 974e22-974e24 473->475 475->477
                                                                                  APIs
                                                                                    • Part of subcall function 00973971: _vwprintf.LIBCMT ref: 00973983
                                                                                    • Part of subcall function 00974CDB: _strlen.LIBCMT ref: 00974D21
                                                                                    • Part of subcall function 00974CDB: _strlen.LIBCMT ref: 00974D2F
                                                                                    • Part of subcall function 00974CDB: _strlen.LIBCMT ref: 00974D3A
                                                                                  • LoadLibraryA.KERNEL32(?), ref: 00974DE1
                                                                                  • GetProcAddress.KERNEL32(00000000,JNI_CreateJavaVM), ref: 00974E05
                                                                                  • GetProcAddress.KERNEL32(00000000,JNI_GetDefaultJavaVMInitArgs), ref: 00974E12
                                                                                    • Part of subcall function 00973BA3: _vwprintf.LIBCMT ref: 00973BB8
                                                                                    • Part of subcall function 00973BA3: _vswprintf_s.LIBCMT ref: 00973BD3
                                                                                    • Part of subcall function 00973BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00973BE9
                                                                                  Strings
                                                                                  • JNI_CreateJavaVM, xrefs: 00974DFF
                                                                                  • Error: can't find JNI interfaces in: %s, xrefs: 00974E29
                                                                                  • Error: loading: %s, xrefs: 00974DF0
                                                                                  • JNI_GetDefaultJavaVMInitArgs, xrefs: 00974E0A
                                                                                  • JVM path is %s, xrefs: 00974DCD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: _strlen$AddressProc_vwprintf$LibraryLoadMessage_vswprintf_s
                                                                                  • String ID: Error: can't find JNI interfaces in: %s$Error: loading: %s$JNI_CreateJavaVM$JNI_GetDefaultJavaVMInitArgs$JVM path is %s
                                                                                  • API String ID: 888266038-3810690643
                                                                                  • Opcode ID: 5e4df4519cf8d1fe54f5dd348af0fd7ac885ebf9790373c43d23307f6ea1cbb6
                                                                                  • Instruction ID: 0402cd40c8e04ac19d411c9655178519957bd20eff033594e781b4cdece910fb
                                                                                  • Opcode Fuzzy Hash: 5e4df4519cf8d1fe54f5dd348af0fd7ac885ebf9790373c43d23307f6ea1cbb6
                                                                                  • Instruction Fuzzy Hash: 6BF0287320A305FBCF103FA49C019AABB9CFF94364B10C026F54C56292DB72D4409B60

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3C6F4F
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3C733E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionThrow$CreateCurrentEnv@8EventH_prolog3_catchObjectSingleThreadWait
                                                                                  • String ID: ()Ljava/awt/Font;$()Ljava/awt/Point;$()Ljava/awt/Toolkit;$()V$()Z$()[I$Ljava/awt/Color;$Ljava/awt/Container;$Ljava/awt/Cursor;$Ljava/awt/GraphicsConfiguration;$Ljava/awt/peer/ComponentPeer;$Lsun/awt/AppContext;$Lsun/awt/Win32GraphicsConfig;$appContext$background$cursor$disposeLater$enabled$focusable$foreground$getButtonDownMasks$getFont_NoClientCode$getLocationOnScreen_NoTreeLock$getToolkitImpl$graphicsConfig$height$hwnd$isEnabledImpl$java/awt/event/InputEvent$parent$peer$replaceSurfaceData$replaceSurfaceDataLater$sun/awt/windows/WComponentPeer$visible$width$winGraphicsConfig
                                                                                  • API String ID: 2813242525-2195416285
                                                                                  • Opcode ID: 45846a63612429f8e294bed4c0fabeb710f7991505d1d58a48c126249c1e309a
                                                                                  • Instruction ID: 6cbe280f24a8b2cd0a89f7d467be5ccd987fa38d356418b6923065dbe22439bc
                                                                                  • Opcode Fuzzy Hash: 45846a63612429f8e294bed4c0fabeb710f7991505d1d58a48c126249c1e309a
                                                                                  • Instruction Fuzzy Hash: 9AB15D34649642EFEB11AFA5CC48EAB3BF8EF4A344B104069FC44D7252DB39D941CBA1

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  APIs
                                                                                    • Part of subcall function 00973AD9: QueryPerformanceFrequency.KERNEL32(00995498,?,?,?,0097172C,00000000,checkAndLoadMain,(ZILjava/lang/String;)Ljava/lang/Class;), ref: 00973AEC
                                                                                  • _fgets.LIBCMT ref: 00973015
                                                                                  • _memmove.LIBCMT ref: 00973093
                                                                                  • _strlen.LIBCMT ref: 009730BA
                                                                                  • _strcspn.LIBCMT ref: 009730D0
                                                                                  • _strspn.LIBCMT ref: 009730EC
                                                                                    • Part of subcall function 00973BA3: _vwprintf.LIBCMT ref: 00973BB8
                                                                                    • Part of subcall function 00973BA3: _vswprintf_s.LIBCMT ref: 00973BD3
                                                                                    • Part of subcall function 00973BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00973BE9
                                                                                    • Part of subcall function 009739B8: _strlen.LIBCMT ref: 009739BC
                                                                                    • Part of subcall function 009739B8: _strncmp.LIBCMT ref: 009739CA
                                                                                  • _strcspn.LIBCMT ref: 0097313F
                                                                                  • _strspn.LIBCMT ref: 00973154
                                                                                  • _strcspn.LIBCMT ref: 0097316C
                                                                                  • _fgets.LIBCMT ref: 009732D4
                                                                                  Strings
                                                                                  • Warning: Unknown VM type on line %d of `%s', xrefs: 0097322C
                                                                                  • Error: could not open `%s', xrefs: 00972FF0
                                                                                  • VM_IF_SERVER_CLASS, xrefs: 00973284
                                                                                  • %ld micro seconds to parse jvm.cfg, xrefs: 00973313
                                                                                  • VM_ALIASED_TO, xrefs: 009732A6
                                                                                  • IF_SERVER_CLASS, xrefs: 009731C1
                                                                                  • ALIASED_TO, xrefs: 00973127
                                                                                  • name: %s vmType: %s alias: %s, xrefs: 009732B2
                                                                                  • ERROR, xrefs: 009731AC
                                                                                  • WARN, xrefs: 0097317F
                                                                                  • IGNORE, xrefs: 00973197
                                                                                  • KNOWN, xrefs: 00973112
                                                                                  • name: %s vmType: %s server_class: %s, xrefs: 00973290
                                                                                  • jvm.cfg[%d] = ->%s<-, xrefs: 00973242
                                                                                  • Warning: Missing VM type on line %d of `%s', xrefs: 00973100
                                                                                  • Warning: Missing server class VM on line %d of `%s', xrefs: 00973202
                                                                                  • Warning: No leading - on line %d of `%s', xrefs: 00973045
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: _strcspn$_fgets_strlen_strspn$FrequencyMessagePerformanceQuery_memmove_strncmp_vswprintf_s_vwprintf
                                                                                  • String ID: name: %s vmType: %s alias: %s$ name: %s vmType: %s server_class: %s$%ld micro seconds to parse jvm.cfg$ALIASED_TO$ERROR$Error: could not open `%s'$IF_SERVER_CLASS$IGNORE$KNOWN$VM_ALIASED_TO$VM_IF_SERVER_CLASS$WARN$Warning: Missing VM type on line %d of `%s'$Warning: Missing server class VM on line %d of `%s'$Warning: No leading - on line %d of `%s'$Warning: Unknown VM type on line %d of `%s'$jvm.cfg[%d] = ->%s<-
                                                                                  • API String ID: 297572648-2085308502
                                                                                  • Opcode ID: 4daba664aede0b071d9693977bfd2e71b4e2e70d065947008605841b78d9c294
                                                                                  • Instruction ID: 6881baae113710455343ea9aff40ba86f9bb62786cdda035749ae6ee311c7488
                                                                                  • Opcode Fuzzy Hash: 4daba664aede0b071d9693977bfd2e71b4e2e70d065947008605841b78d9c294
                                                                                  • Instruction Fuzzy Hash: 45A10873D08305AEEB256FA49C06F9D7BB8EF85314F20C01AF50CA71D2EB615A45EB41

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                    • Part of subcall function 00973A4E: GetModuleFileNameA.KERNEL32(00000000,?,?,?,009747E5,?,?,?,00000104), ref: 00973A5A
                                                                                    • Part of subcall function 00973A4E: _strrchr.LIBCMT ref: 00973A63
                                                                                    • Part of subcall function 00973A4E: _strrchr.LIBCMT ref: 00973A6E
                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,Software\JavaSoft\Java Runtime Environment,00000000,00020019,?,_JAVA_SPLASH_FILE,?,00000104), ref: 009748B8
                                                                                    • Part of subcall function 00973B5D: _vswprintf_s.LIBCMT ref: 00973B7D
                                                                                  • __stat64i32.LIBCMT ref: 00974812
                                                                                  • _strlen.LIBCMT ref: 00974832
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00974920
                                                                                  • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 0097496E
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 009749C6
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00974A28
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00974A2D
                                                                                    • Part of subcall function 00973A87: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,00000104,Software\JavaSoft\Java Runtime Environment,?,?,?,00974909,?,CurrentVersion,?,00000104), ref: 00973AA5
                                                                                    • Part of subcall function 00973A87: RegQueryValueExA.ADVAPI32(00000001,?,00000000,00000000,?,00000104,?,?,?,00974909,?,CurrentVersion), ref: 00973ACA
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 009749CB
                                                                                    • Part of subcall function 00973971: _vwprintf.LIBCMT ref: 00973983
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Close$OpenQueryValue_strrchr$FileModuleName__stat64i32_strlen_vswprintf_s_vwprintf
                                                                                  • String ID: %s\bin\java.dll$%s\jre\bin\java.dll$CurrentVersion$Error: Failed reading value of registry key:%s\CurrentVersion$Error: Registry key '%s'\CurrentVersion'has value '%s', but '%s' is required.$Error: could not find java.dll$Error: opening registry key '%s'$Failed reading value of registry key:%s\%s\JavaHome$Insufficient space to store JRE path$JRE path is %s$JavaHome$MicroVersion$Software\JavaSoft\Java Runtime Environment$Version major.minor.micro = %s.%s$Warning: Can't read MicroVersion$\jre$_JAVA_SPLASH_FILE
                                                                                  • API String ID: 3601377668-3297123116

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                    • Part of subcall function 009747B7: __stat64i32.LIBCMT ref: 00974812
                                                                                  • _strlen.LIBCMT ref: 00974D21
                                                                                  • _strlen.LIBCMT ref: 00974D2F
                                                                                  • _strlen.LIBCMT ref: 00974D3A
                                                                                  • LoadLibraryA.KERNEL32(?,?,?,?,?,?,\bin\verify.dll), ref: 00974D89
                                                                                    • Part of subcall function 00973BA3: _vwprintf.LIBCMT ref: 00973BB8
                                                                                    • Part of subcall function 00973BA3: _vswprintf_s.LIBCMT ref: 00973BD3
                                                                                    • Part of subcall function 00973BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00973BE9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: _strlen$LibraryLoadMessage__stat64i32_vswprintf_s_vwprintf
                                                                                  • String ID: CRT path is %s$Error: Path length exceeds maximum length (PATH_MAX)$Error: loading: %s$\bin\$\bin\msvcr100.dll$\bin\verify.dll$msvcr100.dll
                                                                                  • API String ID: 3923379734-855819635

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • __wgetenv.LIBCMT ref: 00974FC9
                                                                                  • __wgetenv.LIBCMT ref: 00974FF1
                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?), ref: 0097505B
                                                                                  • GetExitCodeThread.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 00975066
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?), ref: 0097506D
                                                                                    • Part of subcall function 0097AF5A: ___set_flsgetvalue.LIBCMT ref: 0097AF7F
                                                                                    • Part of subcall function 0097AF5A: __calloc_crt.LIBCMT ref: 0097AF8B
                                                                                    • Part of subcall function 0097AF5A: __getptd.LIBCMT ref: 0097AF98
                                                                                    • Part of subcall function 0097AF5A: __initptd.LIBCMT ref: 0097AFA1
                                                                                    • Part of subcall function 0097AF5A: CreateThread.KERNEL32(?,?,0097AEF5,00000000,?,?), ref: 0097AFCF
                                                                                    • Part of subcall function 0097AF5A: GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 0097AFD9
                                                                                    • Part of subcall function 0097AF5A: _free.LIBCMT ref: 0097AFE2
                                                                                    • Part of subcall function 0097AF5A: __dosmaperr.LIBCMT ref: 0097AFED
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Thread__wgetenv$CloseCodeCreateErrorExitHandleLastObjectSingleWait___set_flsgetvalue__calloc_crt__dosmaperr__getptd__initptd_free
                                                                                  • String ID: J2D_D3D$J2D_D3D_PRELOAD$false$preloadD3D$true
                                                                                  • API String ID: 2452802370-3397395437

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • _memset.LIBCMT ref: 0097142C
                                                                                    • Part of subcall function 00978A72: __stbuf.LIBCMT ref: 00978AC0
                                                                                    • Part of subcall function 00978A72: __ftbuf.LIBCMT ref: 00978AE9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: __ftbuf__stbuf_memset
                                                                                  • String ID: option[%2d] = '%s'$JNI_FALSE$JNI_TRUE$JavaVM args: $ignoreUnrecognized is %s, $nOptions is %ld$version 0x%08lx,
                                                                                  • API String ID: 2530426458-3298565182

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • ___set_flsgetvalue.LIBCMT ref: 0097AF7F
                                                                                  • __calloc_crt.LIBCMT ref: 0097AF8B
                                                                                  • __getptd.LIBCMT ref: 0097AF98
                                                                                  • __initptd.LIBCMT ref: 0097AFA1
                                                                                  • CreateThread.KERNEL32(?,?,0097AEF5,00000000,?,?), ref: 0097AFCF
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 0097AFD9
                                                                                  • _free.LIBCMT ref: 0097AFE2
                                                                                  • __dosmaperr.LIBCMT ref: 0097AFED
                                                                                    • Part of subcall function 0097AB01: __getptd_noexit.LIBCMT ref: 0097AB01
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit__initptd_free
                                                                                  • String ID:
                                                                                  • API String ID: 73303432-0

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                    • Part of subcall function 0097443D: _memset.LIBCMT ref: 0097444A
                                                                                    • Part of subcall function 0097443D: InitCommonControlsEx.COMCTL32(?), ref: 0097445D
                                                                                    • Part of subcall function 00978A72: __stbuf.LIBCMT ref: 00978AC0
                                                                                    • Part of subcall function 00978A72: __ftbuf.LIBCMT ref: 00978AE9
                                                                                  • __wgetenv.LIBCMT ref: 009735AC
                                                                                    • Part of subcall function 009713BF: _strlen.LIBCMT ref: 009713D1
                                                                                    • Part of subcall function 009713BF: _strlen.LIBCMT ref: 009713DA
                                                                                    • Part of subcall function 009713BF: _strlen.LIBCMT ref: 009713E7
                                                                                    • Part of subcall function 009713BF: _sprintf.LIBCMT ref: 009713FE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: _strlen$CommonControlsInit__ftbuf__stbuf__wgetenv_memset_sprintf
                                                                                  • String ID: %ld micro seconds to LoadJavaVM$-Dsun.java.launcher.diag=true$CLASSPATH$Command line args:$argv[%d] = %s
                                                                                  • API String ID: 2460755827-597257649

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • ___set_flsgetvalue.LIBCMT ref: 0097AEFB
                                                                                    • Part of subcall function 0097D34F: TlsGetValue.KERNEL32(?,0097AF00), ref: 0097D358
                                                                                    • Part of subcall function 0097D34F: DecodePointer.KERNEL32(?,0097AF00), ref: 0097D36A
                                                                                    • Part of subcall function 0097D34F: TlsSetValue.KERNEL32(00000000,?,0097AF00), ref: 0097D379
                                                                                  • ___fls_getvalue@4.LIBCMT ref: 0097AF06
                                                                                    • Part of subcall function 0097D32F: TlsGetValue.KERNEL32(?,?,0097AF0B,00000000), ref: 0097D33D
                                                                                  • ___fls_setvalue@8.LIBCMT ref: 0097AF19
                                                                                    • Part of subcall function 0097D383: DecodePointer.KERNEL32(?,?,?,0097AF1E,00000000,?,00000000), ref: 0097D394
                                                                                  • GetLastError.KERNEL32(00000000,?,00000000), ref: 0097AF22
                                                                                  • ExitThread.KERNEL32 ref: 0097AF29
                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0097AF2F
                                                                                  • __freefls@4.LIBCMT ref: 0097AF4F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                  • String ID:
                                                                                  • API String ID: 2383549826-0

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows,00000000,00000001,00000000), ref: 6B3DB2EF
                                                                                  • RegQueryValueExW.KERNEL32(00000000,GDIProcessHandleQuota,00000000,00000000,?,?), ref: 6B3DB314
                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 6B3DB33E
                                                                                  Strings
                                                                                  • GDIProcessHandleQuota, xrefs: 6B3DB305
                                                                                  • SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6B3DB2E0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseOpenQueryValue
                                                                                  • String ID: GDIProcessHandleQuota$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
                                                                                  • API String ID: 3677997916-3108655066
                                                                                  • Opcode ID: 5d8f6e7135f8cd0fbdb7fc36ae01608b634d3f62954977afcf38ed9f0d8cab43
                                                                                  • Instruction ID: 5ae1840dff183e605828a650b0197786819c4521ea6f029e1e424df84ab42bd2
                                                                                  • Opcode Fuzzy Hash: 5d8f6e7135f8cd0fbdb7fc36ae01608b634d3f62954977afcf38ed9f0d8cab43
                                                                                  • Instruction Fuzzy Hash: A6013176F00208FFEB10ABA8CD06F9D77B9EB44704F5000A4E611E6141E775DA08EB14

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 737 9743ef-9743f7 738 974431-974435 737->738 739 9743f9-974406 GetModuleHandleA 737->739 743 97443b-97443c 738->743 740 97440c-974420 GetProcAddress 739->740 741 974408-97440b 739->741 740->738 742 974422-97442f call 973ba3 740->742 742->741
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(jvm.dll,?,00971502,?,sun/launcher/LauncherHelper,00971530,?,?), ref: 009743FE
                                                                                  • GetProcAddress.KERNEL32(00000000,JVM_FindClassFromBootLoader), ref: 00974413
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProc
                                                                                  • String ID: Error: loading: %s$JVM_FindClassFromBootLoader$jvm.dll
                                                                                  • API String ID: 1646373207-1240634009
                                                                                  • Opcode ID: 55a955c6d80b778915e8d701232e10ba47c86e6bf2496a566158aa0c73015d48
                                                                                  • Instruction ID: 34876ed83284e23e8b410dd2131624f57c15468e44aa13b51e0e6d68efe72587
                                                                                  • Opcode Fuzzy Hash: 55a955c6d80b778915e8d701232e10ba47c86e6bf2496a566158aa0c73015d48
                                                                                  • Instruction Fuzzy Hash: 3AE0923222E211EE9B607BA57C04E6B3BD8AB907A9311C016F40DE1170E735C8007B61
                                                                                  APIs
                                                                                  • _strlen.LIBCMT ref: 00971523
                                                                                    • Part of subcall function 00973BA3: _vwprintf.LIBCMT ref: 00973BB8
                                                                                    • Part of subcall function 00973BA3: _vswprintf_s.LIBCMT ref: 00973BD3
                                                                                    • Part of subcall function 00973BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00973BE9
                                                                                  Strings
                                                                                  • makePlatformString, xrefs: 00971592
                                                                                  • (Z[B)Ljava/lang/String;, xrefs: 0097158D
                                                                                  • Error: A JNI error has occurred, please check your installation and try again, xrefs: 00971539, 009715AA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Message_strlen_vswprintf_s_vwprintf
                                                                                  • String ID: (Z[B)Ljava/lang/String;$Error: A JNI error has occurred, please check your installation and try again$makePlatformString
                                                                                  • API String ID: 1165818999-1765258479
                                                                                  • Opcode ID: 66e3ac734405fbecd0829fc773c6904e603b4a7453ae97c142af8b70f5c6a47c
                                                                                  • Instruction ID: 2dade876b92ca5a45d3993ccfd48d56fa0e7cf24961d1addefb9c89bdb2238c8
                                                                                  • Opcode Fuzzy Hash: 66e3ac734405fbecd0829fc773c6904e603b4a7453ae97c142af8b70f5c6a47c
                                                                                  • Instruction Fuzzy Hash: 3F21B632210601AFD7259FBDCC49EAA37FCEFC4744B10806AF84AC6251EB74CA809B64
                                                                                  APIs
                                                                                  • __stat64i32.LIBCMT ref: 0097479E
                                                                                    • Part of subcall function 00973B5D: _vswprintf_s.LIBCMT ref: 00973B7D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: __stat64i32_vswprintf_s
                                                                                  • String ID: %s\bin\%s\jvm.dll$%s\jvm.dll
                                                                                  • API String ID: 2146080085-3784575571
                                                                                  • Opcode ID: b1c5e367351dd5e1451ff501c5cfa5ae33c35ef3c686e92d12cda826e7274ca1
                                                                                  • Instruction ID: 9786204bd6e74648ea91da7ce65431e36d2d57ae7cad8c0b7b768b48517aeab4
                                                                                  • Opcode Fuzzy Hash: b1c5e367351dd5e1451ff501c5cfa5ae33c35ef3c686e92d12cda826e7274ca1
                                                                                  • Instruction Fuzzy Hash: A4F0F67350520979AB14BA74AC43EBF3BACCFC3754F50801AF80D991D2EF249A025166
                                                                                  APIs
                                                                                  • _malloc.LIBCMT ref: 00973908
                                                                                    • Part of subcall function 0097A029: __FF_MSGBANNER.LIBCMT ref: 0097A042
                                                                                    • Part of subcall function 0097A029: __NMSG_WRITE.LIBCMT ref: 0097A049
                                                                                    • Part of subcall function 0097A029: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,0097FE09,?,00000001,?,?,0097CE37,00000018,00992708,0000000C,0097CEC7), ref: 0097A06E
                                                                                  • _perror.LIBCMT ref: 00973917
                                                                                    • Part of subcall function 00979F9B: ___lock_fhandle.LIBCMT ref: 00979FAE
                                                                                    • Part of subcall function 00979F9B: _strlen.LIBCMT ref: 00979FC5
                                                                                    • Part of subcall function 00979F9B: __write_nolock.LIBCMT ref: 00979FCD
                                                                                    • Part of subcall function 00979F9B: __write_nolock.LIBCMT ref: 00979FD9
                                                                                    • Part of subcall function 00979F9B: __get_sys_err_msg.LIBCMT ref: 00979FE8
                                                                                    • Part of subcall function 00979F9B: _strlen.LIBCMT ref: 00979FF0
                                                                                    • Part of subcall function 00979F9B: __write_nolock.LIBCMT ref: 00979FF8
                                                                                    • Part of subcall function 00979F9B: __write_nolock.LIBCMT ref: 0097A005
                                                                                    • Part of subcall function 00978A0A: _doexit.LIBCMT ref: 00978A16
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: __write_nolock$_strlen$AllocateHeap___lock_fhandle__get_sys_err_msg_doexit_malloc_perror
                                                                                  • String ID: malloc
                                                                                  • API String ID: 3076456297-2803490479
                                                                                  • Opcode ID: 17425402c8d6cc96a28444d76ecfa230c99acac66b5df31c5b41043336844899
                                                                                  • Instruction ID: 44e3be0b9dacbe992030fd1ea30413767e9817aee15f00ab670dc5fbb1d34031
                                                                                  • Opcode Fuzzy Hash: 17425402c8d6cc96a28444d76ecfa230c99acac66b5df31c5b41043336844899
                                                                                  • Instruction Fuzzy Hash: 75C09B173947015CDD1836659D17B1D6344EFC1F78F50C415F10CC40D2EDD19C415112
                                                                                  APIs
                                                                                  • __getptd_noexit.LIBCMT ref: 0097AE9A
                                                                                    • Part of subcall function 0097D491: GetLastError.KERNEL32(00000001,00000000,0097AB06,0097A0B2,00000000,?,0097FE09,?,00000001,?,?,0097CE37,00000018,00992708,0000000C,0097CEC7), ref: 0097D495
                                                                                    • Part of subcall function 0097D491: ___set_flsgetvalue.LIBCMT ref: 0097D4A3
                                                                                    • Part of subcall function 0097D491: __calloc_crt.LIBCMT ref: 0097D4B7
                                                                                    • Part of subcall function 0097D491: DecodePointer.KERNEL32(00000000,?,0097FE09,?,00000001,?,?,0097CE37,00000018,00992708,0000000C,0097CEC7,?,?,?,0097D5B5), ref: 0097D4D1
                                                                                    • Part of subcall function 0097D491: __initptd.LIBCMT ref: 0097D4E0
                                                                                    • Part of subcall function 0097D491: GetCurrentThreadId.KERNEL32 ref: 0097D4E7
                                                                                    • Part of subcall function 0097D491: SetLastError.KERNEL32(00000000,?,0097FE09,?,00000001,?,?,0097CE37,00000018,00992708,0000000C,0097CEC7,?,?,?,0097D5B5), ref: 0097D4FF
                                                                                  • __freeptd.LIBCMT ref: 0097AEA4
                                                                                    • Part of subcall function 0097D653: TlsGetValue.KERNEL32(?,?,0097AEA9,00000000,?,0097AED5,00000000), ref: 0097D674
                                                                                    • Part of subcall function 0097D653: TlsGetValue.KERNEL32(?,?,0097AEA9,00000000,?,0097AED5,00000000), ref: 0097D686
                                                                                    • Part of subcall function 0097D653: DecodePointer.KERNEL32(00000000,?,0097AEA9,00000000,?,0097AED5,00000000), ref: 0097D69C
                                                                                    • Part of subcall function 0097D653: __freefls@4.LIBCMT ref: 0097D6A7
                                                                                    • Part of subcall function 0097D653: TlsSetValue.KERNEL32(0000001B,00000000,?,0097AEA9,00000000,?,0097AED5,00000000), ref: 0097D6B9
                                                                                  • ExitThread.KERNEL32 ref: 0097AEAD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value$DecodeErrorLastPointerThread$CurrentExit___set_flsgetvalue__calloc_crt__freefls@4__freeptd__getptd_noexit__initptd
                                                                                  • String ID:
                                                                                  • API String ID: 779801232-0
                                                                                  • Opcode ID: 7efdc3e958486e0be5ca6c74bac9da0be471db1d4b376d75766b7e48aedae65d
                                                                                  • Instruction ID: 2b7044f39c8a47b55b678e3d84526e21d5b940014ce9d606e822947a931289da
                                                                                  • Opcode Fuzzy Hash: 7efdc3e958486e0be5ca6c74bac9da0be471db1d4b376d75766b7e48aedae65d
                                                                                  • Instruction Fuzzy Hash: 14C04C72005604AEDB103B62DC0EA1A3A6D9DC0755B55C011781E86161DE75E94195B5
                                                                                  APIs
                                                                                    • Part of subcall function 0097AB01: __getptd_noexit.LIBCMT ref: 0097AB01
                                                                                  • __lock_file.LIBCMT ref: 00979CA0
                                                                                    • Part of subcall function 00979B0E: __lock.LIBCMT ref: 00979B33
                                                                                  • __fclose_nolock.LIBCMT ref: 00979CAB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                  • String ID:
                                                                                  • API String ID: 2800547568-0
                                                                                  • Opcode ID: 50d0fd866e0032fc3ed105585844dce23239e5208a94431b15cfd5e176d6f521
                                                                                  • Instruction ID: b406343121a803cc5464cfb78d9a7cad86d7118c1f6ec58bf5a6f64dd46dd807
                                                                                  • Opcode Fuzzy Hash: 50d0fd866e0032fc3ed105585844dce23239e5208a94431b15cfd5e176d6f521
                                                                                  • Instruction Fuzzy Hash: 77F090738017059ADF11AB799802B6E7BE4AF81335F25C204E46DAA0D1C77C9A019A59
                                                                                  APIs
                                                                                  • __getptd.LIBCMT ref: 0097AEC0
                                                                                    • Part of subcall function 0097D50A: __getptd_noexit.LIBCMT ref: 0097D50D
                                                                                    • Part of subcall function 0097D50A: __amsg_exit.LIBCMT ref: 0097D51A
                                                                                    • Part of subcall function 0097AE95: __getptd_noexit.LIBCMT ref: 0097AE9A
                                                                                    • Part of subcall function 0097AE95: __freeptd.LIBCMT ref: 0097AEA4
                                                                                    • Part of subcall function 0097AE95: ExitThread.KERNEL32 ref: 0097AEAD
                                                                                  • __XcptFilter.LIBCMT ref: 0097AEE1
                                                                                    • Part of subcall function 0097EF45: __getptd_noexit.LIBCMT ref: 0097EF4B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: __getptd_noexit$ExitFilterThreadXcpt__amsg_exit__freeptd__getptd
                                                                                  • String ID:
                                                                                  • API String ID: 418257734-0
                                                                                  • Opcode ID: 96c025f27afeb92a429f6794a5b633f74b91aa43e4dc966b118505487d0e9421
                                                                                  • Instruction ID: 2d9d5018b2874747bb3ac4ace3148910a714301fc86b5070b636d324077817d5
                                                                                  • Opcode Fuzzy Hash: 96c025f27afeb92a429f6794a5b633f74b91aa43e4dc966b118505487d0e9421
                                                                                  • Instruction Fuzzy Hash: 67E0ECB2901600AFDB18FBA0C906F2D7775AFC5305F214089F1056B2A2CA7599409A31
                                                                                  APIs
                                                                                  • __lock.LIBCMT ref: 00988893
                                                                                    • Part of subcall function 0097CEAC: __mtinitlocknum.LIBCMT ref: 0097CEC2
                                                                                    • Part of subcall function 0097CEAC: __amsg_exit.LIBCMT ref: 0097CECE
                                                                                    • Part of subcall function 0097CEAC: EnterCriticalSection.KERNEL32(?,?,?,0097D5B5,0000000D,00992790,00000008,0097AF54,?,00000000), ref: 0097CED6
                                                                                  • __tzset_nolock.LIBCMT ref: 009888A4
                                                                                    • Part of subcall function 0098819A: __lock.LIBCMT ref: 009881BC
                                                                                    • Part of subcall function 0098819A: ____lc_codepage_func.LIBCMT ref: 00988203
                                                                                    • Part of subcall function 0098819A: __getenv_helper_nolock.LIBCMT ref: 00988225
                                                                                    • Part of subcall function 0098819A: _free.LIBCMT ref: 0098825C
                                                                                    • Part of subcall function 0098819A: _strlen.LIBCMT ref: 00988263
                                                                                    • Part of subcall function 0098819A: __malloc_crt.LIBCMT ref: 0098826A
                                                                                    • Part of subcall function 0098819A: _strlen.LIBCMT ref: 00988280
                                                                                    • Part of subcall function 0098819A: _strcpy_s.LIBCMT ref: 0098828E
                                                                                    • Part of subcall function 0098819A: __invoke_watson.LIBCMT ref: 009882A3
                                                                                    • Part of subcall function 0098819A: _free.LIBCMT ref: 009882B2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
                                                                                  • String ID:
                                                                                  • API String ID: 1828324828-0
                                                                                  • Opcode ID: a52d3481c237a64d42523d118a6dbe38eeb5ee19d7283f806b40deadcac5f035
                                                                                  • Instruction ID: b66f9a5d12dc9adf23dd3cdc8c6ce5733ed455e43be139860103726283af6477
                                                                                  • Opcode Fuzzy Hash: a52d3481c237a64d42523d118a6dbe38eeb5ee19d7283f806b40deadcac5f035
                                                                                  • Instruction Fuzzy Hash: 3BE0C23248A610EAC721BBA45A0372EB3706FC4B22FD0411AB028262D3CE340545D7A1
                                                                                  APIs
                                                                                  • ___crtCorExitProcess.LIBCMT ref: 009787BA
                                                                                    • Part of subcall function 00978787: GetModuleHandleW.KERNEL32(mscoree.dll,?,009787BF,?,?,0097A058,000000FF,0000001E,00000001,00000000,00000000,?,0097FE09,?,00000001,?), ref: 00978791
                                                                                    • Part of subcall function 00978787: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 009787A1
                                                                                  • ExitProcess.KERNEL32 ref: 009787C3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                  • String ID:
                                                                                  • API String ID: 2427264223-0
                                                                                  • Opcode ID: a91a35ad5adb6256db5d323320869c97099261e3b51595095d4a280a8e63005a
                                                                                  • Instruction ID: 3c26aa14aa3c80bde405f900c3901e4b90a2932d367b59bd26ecd5c3ab7cc948
                                                                                  • Opcode Fuzzy Hash: a91a35ad5adb6256db5d323320869c97099261e3b51595095d4a280a8e63005a
                                                                                  • Instruction Fuzzy Hash: 60B09B71004148FBCF052F11DC0DC493F15DB807D1B148010F41909131DF719D929695
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: _memset
                                                                                  • String ID:
                                                                                  • API String ID: 2102423945-0
                                                                                  • Opcode ID: 838ce81d5203a807885f79cd7ffbc7e8435ea88e7520a698b211e04a19a86474
                                                                                  • Instruction ID: 9da569bc49d744cefe49923e4120900c28e28666e94f8d8b012c19098b901134
                                                                                  • Opcode Fuzzy Hash: 838ce81d5203a807885f79cd7ffbc7e8435ea88e7520a698b211e04a19a86474
                                                                                  • Instruction Fuzzy Hash: EF1195B6900349AFCB11DF98D941ADE77F8BB48704F508415FD18EB201E774EA558BA1
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: __waccess_s
                                                                                  • String ID:
                                                                                  • API String ID: 4272103461-0
                                                                                  • Opcode ID: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                                                                  • Instruction ID: 8279353c021af3bf837f782e5b701e5f01f6b82c61ee491a5b5e8a5eae2c2a0a
                                                                                  • Opcode Fuzzy Hash: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                                                                  • Instruction Fuzzy Hash: 51C09B3305410D7F9F155DE5EC01D593F59D6C47707108115F91C894D1DD32D5515541
                                                                                  APIs
                                                                                  • _doexit.LIBCMT ref: 00978A16
                                                                                    • Part of subcall function 009788CA: __lock.LIBCMT ref: 009788D8
                                                                                    • Part of subcall function 009788CA: DecodePointer.KERNEL32(00992500,00000020,00978A31,?,00000001,00000000,?,00978A71,000000FF,?,0097CED3,00000011,?,?,0097D5B5,0000000D), ref: 00978914
                                                                                    • Part of subcall function 009788CA: DecodePointer.KERNEL32(?,00978A71,000000FF,?,0097CED3,00000011,?,?,0097D5B5,0000000D,00992790,00000008,0097AF54,?,00000000), ref: 00978925
                                                                                    • Part of subcall function 009788CA: DecodePointer.KERNEL32(-00000004,?,00978A71,000000FF,?,0097CED3,00000011,?,?,0097D5B5,0000000D,00992790,00000008,0097AF54,?,00000000), ref: 0097894B
                                                                                    • Part of subcall function 009788CA: DecodePointer.KERNEL32(?,00978A71,000000FF,?,0097CED3,00000011,?,?,0097D5B5,0000000D,00992790,00000008,0097AF54,?,00000000), ref: 0097895E
                                                                                    • Part of subcall function 009788CA: DecodePointer.KERNEL32(?,00978A71,000000FF,?,0097CED3,00000011,?,?,0097D5B5,0000000D,00992790,00000008,0097AF54,?,00000000), ref: 00978968
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: DecodePointer$__lock_doexit
                                                                                  • String ID:
                                                                                  • API String ID: 3343572566-0
                                                                                  • Opcode ID: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                                                                  • Instruction ID: 7f281c9e5d2c6c217251010576fb1c9981e7fd13d23124510a32a8ee22999c3b
                                                                                  • Opcode Fuzzy Hash: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                                                                  • Instruction Fuzzy Hash: FCB0927258020873DA202542AC0BF463B0A8BC0B60E644460BA1C1D1A1A9A2A961808A
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2349921903.0000000000971000.00000020.00000001.01000000.00000006.sdmp, Offset: 00970000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2349906238.0000000000970000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349965643.0000000000994000.00000004.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000004.00000002.2349983263.0000000000998000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_970000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: __fsopen
                                                                                  • String ID:
                                                                                  • API String ID: 3646066109-0
                                                                                  • Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                                                  • Instruction ID: 26289dced78999f812c2fcca710bce1417ec8e97e7c4296a574fe9c97089dcd6
                                                                                  • Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                                                  • Instruction Fuzzy Hash: C1C0927384820C77CF112A86EC02F4A3F1ADBC0770F048020FB1C1D161AA73EA61968A
                                                                                  APIs
                                                                                  • CertOpenSystemStoreA.CRYPT32(00000000,00000000), ref: 6ADD1D94
                                                                                  • ??2@YAPAXI@Z.MSVCR100(?), ref: 6ADD1DA8
                                                                                  • CertCreateCertificateContext.CRYPT32(00000001,00000000,?), ref: 6ADD1DCA
                                                                                  • GetLastError.KERNEL32 ref: 6ADD1DD7
                                                                                  • ??2@YAPAXI@Z.MSVCR100(00000000), ref: 6ADD1E08
                                                                                  • memcpy.MSVCR100(00000000,00000000,00000000), ref: 6ADD1E29
                                                                                  • CertSetCertificateContextProperty.CRYPT32(?,0000000B,00000000,?), ref: 6ADD1E5B
                                                                                  • CryptGetProvParam.ADVAPI32(?,00000006,00000000,?,00000000), ref: 6ADD1E92
                                                                                  • ??2@YAPAXI@Z.MSVCR100(?), ref: 6ADD1E9F
                                                                                  • CryptGetProvParam.ADVAPI32(?,00000006,00000000,?,00000000), ref: 6ADD1EB6
                                                                                  • ??2@YAPAXI@Z.MSVCR100(00000000), ref: 6ADD1ED2
                                                                                  • mbstowcs.MSVCR100 ref: 6ADD1EE4
                                                                                  • GetLastError.KERNEL32 ref: 6ADD2001
                                                                                  Strings
                                                                                  • java/security/KeyStoreException, xrefs: 6ADD2008
                                                                                  • @Hu, xrefs: 6ADD1E8C
                                                                                  • java/security/cert/CertificateParsingException, xrefs: 6ADD1DDE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??2@$Cert$CertificateContextCryptErrorLastParamProv$CreateOpenPropertyStoreSystemmbstowcsmemcpy
                                                                                  • String ID: @Hu$java/security/KeyStoreException$java/security/cert/CertificateParsingException
                                                                                  • API String ID: 3293420089-2780686040
                                                                                  • Opcode ID: 3bc307f7ec033f9ce5a5bd417d30a4fcad5638c089446f64a8ae4b0fdfc19440
                                                                                  • Instruction ID: 11344b9c48e0438a28f6a2f843296876b63ba23f0ac90d6ea1ee7514602bdd4e
                                                                                  • Opcode Fuzzy Hash: 3bc307f7ec033f9ce5a5bd417d30a4fcad5638c089446f64a8ae4b0fdfc19440
                                                                                  • Instruction Fuzzy Hash: 35911DB2900209AFEF11AFA5CD85EEE7BB9FF48304F524069F915E6160EB359851CF60
                                                                                  APIs
                                                                                  • CertOpenSystemStoreA.CRYPT32(00000000,00000000), ref: 6ADD13E2
                                                                                  • GetLastError.KERNEL32 ref: 6ADD13EF
                                                                                    • Part of subcall function 6ADD1033: FormatMessageA.KERNEL32(00001000,00000000,?,00000000,?,00000400,00000000,00000000,?), ref: 6ADD106F
                                                                                    • Part of subcall function 6ADD1033: strcpy.MSVCR100(00000000,Unknown error), ref: 6ADD1085
                                                                                  • CertEnumCertificatesInStore.CRYPT32(?,?), ref: 6ADD14B3
                                                                                  • CryptAcquireCertificatePrivateKey.CRYPT32(00000000,00000000,00000000,?,?,?), ref: 6ADD14E7
                                                                                  • CryptGetUserKey.ADVAPI32(?,?,?), ref: 6ADD1504
                                                                                  • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6ADD1517
                                                                                  • CryptSetKeyParam.ADVAPI32(?,00000004,00000002,00000000), ref: 6ADD1530
                                                                                  • CertGetPublicKeyLength.CRYPT32(00010001,?), ref: 6ADD1542
                                                                                  • CertGetNameStringA.CRYPT32(?,00000005,00000000,00000000,00000000,00000000), ref: 6ADD15B6
                                                                                  • ??2@YAPAXI@Z.MSVCR100(00000000), ref: 6ADD15C5
                                                                                  • CertGetNameStringA.CRYPT32(?,00000005,00000000,00000000,00000000,?), ref: 6ADD15D7
                                                                                  • CryptGetKeyParam.ADVAPI32(?,00000007,0000A400,00000004,00000000), ref: 6ADD1667
                                                                                  • CertFreeCertificateChain.CRYPT32(?), ref: 6ADD16AC
                                                                                  Strings
                                                                                  • java/security/KeyStoreException, xrefs: 6ADD13F6
                                                                                  • (Ljava/lang/String;Ljava/util/Collection;)V, xrefs: 6ADD1471
                                                                                  • 2.5.29.37.0, xrefs: 6ADD1553
                                                                                  • generateRSAKeyAndCertificateChain, xrefs: 6ADD1495
                                                                                  • <init>, xrefs: 6ADD1431
                                                                                  • ()V, xrefs: 6ADD142C
                                                                                  • java/util/ArrayList, xrefs: 6ADD141A
                                                                                  • generateCertificateChain, xrefs: 6ADD1476
                                                                                  • (Ljava/lang/String;JJILjava/util/Collection;)V, xrefs: 6ADD1490
                                                                                  • ([BLjava/util/Collection;)V, xrefs: 6ADD1456
                                                                                  • generateCertificate, xrefs: 6ADD145B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Cert$Crypt$CertificateNameParamStoreString$??2@AcquireCertificatesChainContextEnumErrorFormatFreeLastLengthMessageOpenPrivatePublicReleaseSystemUserstrcpy
                                                                                  • String ID: ()V$(Ljava/lang/String;JJILjava/util/Collection;)V$(Ljava/lang/String;Ljava/util/Collection;)V$([BLjava/util/Collection;)V$2.5.29.37.0$<init>$generateCertificate$generateCertificateChain$generateRSAKeyAndCertificateChain$java/security/KeyStoreException$java/util/ArrayList
                                                                                  • API String ID: 187037290-2068384264
                                                                                  • Opcode ID: ed50274c80db12276991639eac0c619d25e56a925e625002255c0191f9404efa
                                                                                  • Instruction ID: f6ed6c3a597becc671c259e19b784f88128b07de8f61a777727a62d5399d2f7e
                                                                                  • Opcode Fuzzy Hash: ed50274c80db12276991639eac0c619d25e56a925e625002255c0191f9404efa
                                                                                  • Instruction Fuzzy Hash: 55A105B5900218EFDB11AFE5CC88DAEBBB9FF49304F26441AF955A6221DB358941CF20
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3EECB0
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • memset.MSVCR100 ref: 6B3EED56
                                                                                  • GetLocaleInfoW.KERNEL32(00000400,0000000D,00000000,00000000), ref: 6B3EEDD1
                                                                                  • GetLocaleInfoW.KERNEL32(00000400,0000000D,00000000,?), ref: 6B3EEE05
                                                                                  • wcscmp.MSVCR100 ref: 6B3EEE13
                                                                                  • free.MSVCR100 ref: 6B3EEE29
                                                                                    • Part of subcall function 6B3EEA3D: GlobalLock.KERNEL32(?), ref: 6B3EEA92
                                                                                    • Part of subcall function 6B3EEA3D: GlobalUnlock.KERNEL32(?), ref: 6B3EEAAF
                                                                                  • GlobalLock.KERNEL32(?), ref: 6B3EEEDD
                                                                                  • _control87.MSVCR100 ref: 6B3EEEF9
                                                                                  • _control87.MSVCR100 ref: 6B3EEF15
                                                                                  • _control87.MSVCR100 ref: 6B3EEF23
                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B3EEF54
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3EEFBC
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B3EF025
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 6B3EF057
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$LockUnlock_control87$ExceptionInfoLocaleThrow$CreateCurrentEnv@8EventH_prolog3_catchObjectSingleThreadWaitfreememsetwcscmp
                                                                                  • String ID: WINSPOOL$f4@k\4@kR4@kH4@k
                                                                                  • API String ID: 2622641891-2559286835
                                                                                  APIs
                                                                                  • CryptCreateHash.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 6ADD17AB
                                                                                  • CryptGetProvParam.ADVAPI32(?,00000006,?,?,00000000), ref: 6ADD17CC
                                                                                  • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,00000000), ref: 6ADD17DE
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6ADD2EC9,6ADD4568), ref: 6ADD17E8
                                                                                    • Part of subcall function 6ADD1033: FormatMessageA.KERNEL32(00001000,00000000,?,00000000,?,00000400,00000000,00000000,?), ref: 6ADD106F
                                                                                    • Part of subcall function 6ADD1033: strcpy.MSVCR100(00000000,Unknown error), ref: 6ADD1085
                                                                                  • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 6ADD180E
                                                                                  • ??2@YAPAXI@Z.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6ADD2EC9), ref: 6ADD1817
                                                                                  • CryptSetHashParam.ADVAPI32(?,00000002,00000000,00000000), ref: 6ADD183C
                                                                                  • CryptGetKeyParam.ADVAPI32(?,00000007,?,?,00000000), ref: 6ADD1861
                                                                                  • CryptSignHashA.ADVAPI32(?,?,00000000,?,00000000,?), ref: 6ADD18A4
                                                                                  • ??2@YAPAXI@Z.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6ADD2EC9), ref: 6ADD18B1
                                                                                  • CryptSignHashA.ADVAPI32(?,?,00000000,?,00000000,?), ref: 6ADD18CC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Crypt$Hash$Param$??2@CreateSign$AcquireContextErrorFormatLastMessageProvstrcpy
                                                                                  • String ID: @Hu$java/security/SignatureException
                                                                                  • API String ID: 3960205242-408869091
                                                                                  APIs
                                                                                  • CertOpenSystemStoreA.CRYPT32(00000000,00000000), ref: 6ADD20FB
                                                                                  • ??2@YAPAXI@Z.MSVCR100(?), ref: 6ADD210F
                                                                                  • CertCreateCertificateContext.CRYPT32(00000001,00000000,?), ref: 6ADD2131
                                                                                  • GetLastError.KERNEL32 ref: 6ADD213E
                                                                                  • CertFindCertificateInStore.CRYPT32(?,00000001,00000000,000D0000,00000000,00000000), ref: 6ADD215C
                                                                                  • CertGetNameStringA.CRYPT32(00000000,00000005,00000000,00000000,00000000,00000000), ref: 6ADD2176
                                                                                  • ??2@YAPAXI@Z.MSVCR100(00000000), ref: 6ADD2181
                                                                                  • CertGetNameStringA.CRYPT32(?,00000005,00000000,00000000,00000000,?), ref: 6ADD2198
                                                                                  • strcmp.MSVCR100 ref: 6ADD21B2
                                                                                  • CertDeleteCertificateFromStore.CRYPT32(?), ref: 6ADD21C0
                                                                                  • GetLastError.KERNEL32 ref: 6ADD21D1
                                                                                  Strings
                                                                                  • java/security/KeyStoreException, xrefs: 6ADD21D8
                                                                                  • java/security/cert/CertificateParsingException, xrefs: 6ADD2145
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Cert$CertificateStore$??2@ErrorLastNameString$ContextCreateDeleteFindFromOpenSystemstrcmp
                                                                                  • String ID: java/security/KeyStoreException$java/security/cert/CertificateParsingException
                                                                                  • API String ID: 2771413984-3008713396
                                                                                  APIs
                                                                                  • _Region_GetInfo@12.AWT(?,?,?), ref: 6B37E36B
                                                                                  • _GrPrim_CompGetXorColor@8.AWT(?,?), ref: 6B37E5F4
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Color@8CompInfo@12Prim_Region_
                                                                                  • String ID: Initialization of surface region data failed.$z4@kp4@kf4@k\4@kR4@kH4@k
                                                                                  • API String ID: 3400371845-3867772273
                                                                                  APIs
                                                                                  • CryptCreateHash.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 6ADD1A03
                                                                                  • CryptGetProvParam.ADVAPI32(?,00000006,?,?,00000000), ref: 6ADD1A28
                                                                                  • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,00000000), ref: 6ADD1A3A
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6ADD2EC9,6ADD4588,000000FE), ref: 6ADD1A44
                                                                                    • Part of subcall function 6ADD1033: FormatMessageA.KERNEL32(00001000,00000000,?,00000000,?,00000400,00000000,00000000,?), ref: 6ADD106F
                                                                                    • Part of subcall function 6ADD1033: strcpy.MSVCR100(00000000,Unknown error), ref: 6ADD1085
                                                                                  • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 6ADD1A6A
                                                                                  • ??2@YAPAXI@Z.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,6ADD2EC9,6ADD4588,000000FE), ref: 6ADD1A77
                                                                                  • ??2@YAPAXI@Z.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,6ADD2EC9,6ADD4588,000000FE), ref: 6ADD1A95
                                                                                  • CryptSetHashParam.ADVAPI32(?,00000002,?,00000000), ref: 6ADD1AB9
                                                                                  • CryptVerifySignatureA.ADVAPI32(?,?,?,?,00000000,00000000), ref: 6ADD1AD2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Crypt$Hash$??2@CreateParam$AcquireContextErrorFormatLastMessageProvSignatureVerifystrcpy
                                                                                  • String ID: @Hu$java/security/SignatureException
                                                                                  • API String ID: 3803360647-408869091
                                                                                  APIs
                                                                                  • CertOpenSystemStoreA.CRYPT32(00000000,?), ref: 6ADD2345
                                                                                  • GetLastError.KERNEL32 ref: 6ADD2352
                                                                                    • Part of subcall function 6ADD1033: FormatMessageA.KERNEL32(00001000,00000000,?,00000000,?,00000400,00000000,00000000,?), ref: 6ADD106F
                                                                                    • Part of subcall function 6ADD1033: strcpy.MSVCR100(00000000,Unknown error), ref: 6ADD1085
                                                                                  • CertEnumCertificatesInStore.CRYPT32(?,?), ref: 6ADD238B
                                                                                  • CertGetNameStringA.CRYPT32(00000000,00000005,00000000,00000000,00000000,00000000), ref: 6ADD239F
                                                                                  • ??2@YAPAXI@Z.MSVCR100(00000000), ref: 6ADD23A9
                                                                                  • CertGetNameStringA.CRYPT32(?,00000005,00000000,00000000,00000000,00000000), ref: 6ADD23BB
                                                                                  • strcmp.MSVCR100 ref: 6ADD23C8
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6ADD23D6
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6ADD23DE
                                                                                  Strings
                                                                                  • java/security/KeyStoreException, xrefs: 6ADD2359
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Cert$??3@NameStoreString$??2@CertificatesEnumErrorFormatLastMessageOpenSystemstrcmpstrcpy
                                                                                  • String ID: java/security/KeyStoreException
                                                                                  • API String ID: 2166897449-1849184896
                                                                                  APIs
                                                                                  • CryptAcquireCertificatePrivateKey.CRYPT32(?,00000000,00000000,?,00000001), ref: 6ADD244E
                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,6ADD4648,00000010), ref: 6ADD2458
                                                                                  • CryptGetUserKey.ADVAPI32(?,00000001,?,?,?,?,?,00000000,6ADD4648,00000010), ref: 6ADD2470
                                                                                  • CryptAcquireContextA.ADVAPI32(?,J2SE,00000000,00000001,?,?,?,?,00000000,6ADD4648,00000010), ref: 6ADD248B
                                                                                  • CryptAcquireContextA.ADVAPI32(?,J2SE,00000000,00000001,00000008,?,?,?,?,00000000,6ADD4648,00000010), ref: 6ADD249B
                                                                                  • CryptImportPublicKeyInfo.CRYPT32(?,00000001,?,?), ref: 6ADD24B4
                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,6ADD4648,00000010), ref: 6ADD24BE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Crypt$Acquire$ContextErrorLast$CertificateImportInfoPrivatePublicUser
                                                                                  • String ID: J2SE$java/security/KeyException$java/security/KeyStoreException
                                                                                  • API String ID: 3404145759-3936572714
                                                                                  APIs
                                                                                  • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,6ADD4528,0000001C), ref: 6ADD123A
                                                                                  • GetLastError.KERNEL32 ref: 6ADD1244
                                                                                  • CryptGenRandom.ADVAPI32(?,00000000,00000000), ref: 6ADD1296
                                                                                  • GetLastError.KERNEL32 ref: 6ADD12A0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CryptErrorLast$AcquireContextRandom
                                                                                  • String ID: java/security/ProviderException
                                                                                  • API String ID: 2197978674-946105719
                                                                                  APIs
                                                                                  • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000), ref: 6ADD2D7F
                                                                                  • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 6ADD2D92
                                                                                  • GetLastError.KERNEL32 ref: 6ADD2D98
                                                                                    • Part of subcall function 6ADD1033: FormatMessageA.KERNEL32(00001000,00000000,?,00000000,?,00000400,00000000,00000000,?), ref: 6ADD106F
                                                                                    • Part of subcall function 6ADD1033: strcpy.MSVCR100(00000000,Unknown error), ref: 6ADD1085
                                                                                  • CryptImportKey.ADVAPI32(?,?,?,00000000,00000001,?), ref: 6ADD2DBF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Crypt$AcquireContext$ErrorFormatImportLastMessagestrcpy
                                                                                  • String ID: (JJI)V$<init>$java/security/KeyStoreException$sun/security/mscapi/RSAPublicKey
                                                                                  • API String ID: 331414879-423964784
                                                                                  APIs
                                                                                  • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,00000008), ref: 6ADD1BA1
                                                                                  • CryptAcquireContextA.ADVAPI32(?,?,00000000,00000001,00000008), ref: 6ADD1BB3
                                                                                  • GetLastError.KERNEL32 ref: 6ADD1BB9
                                                                                    • Part of subcall function 6ADD1033: FormatMessageA.KERNEL32(00001000,00000000,?,00000000,?,00000400,00000000,00000000,?), ref: 6ADD106F
                                                                                    • Part of subcall function 6ADD1033: strcpy.MSVCR100(00000000,Unknown error), ref: 6ADD1085
                                                                                  • CryptGenKey.ADVAPI32(?,00000001,?,?), ref: 6ADD1BDC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Crypt$AcquireContext$ErrorFormatLastMessagestrcpy
                                                                                  • String ID: (JJI)V$<init>$java/security/KeyException$sun/security/mscapi/RSAKeyPair
                                                                                  • API String ID: 1658231493-1798225431
                                                                                  APIs
                                                                                  • CryptAcquireContextA.ADVAPI32(?,?,00000000,00000001,00000008), ref: 6ADD2C63
                                                                                  • GetLastError.KERNEL32 ref: 6ADD2C6D
                                                                                    • Part of subcall function 6ADD1033: FormatMessageA.KERNEL32(00001000,00000000,?,00000000,?,00000400,00000000,00000000,?), ref: 6ADD106F
                                                                                    • Part of subcall function 6ADD1033: strcpy.MSVCR100(00000000,Unknown error), ref: 6ADD1085
                                                                                  • CryptImportKey.ADVAPI32(?,?,00000000,00000000,00000001,?), ref: 6ADD2C92
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Crypt$AcquireContextErrorFormatImportLastMessagestrcpy
                                                                                  • String ID: (JJI)V$<init>$java/security/KeyStoreException$sun/security/mscapi/RSAPrivateKey
                                                                                  • API String ID: 2527704668-4223174467
                                                                                  APIs
                                                                                  • IsDebuggerPresent.KERNEL32 ref: 6ADD3346
                                                                                  • _crt_debugger_hook.MSVCR100(00000001), ref: 6ADD3353
                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6ADD335B
                                                                                  • UnhandledExceptionFilter.KERNEL32(6ADD442C), ref: 6ADD3366
                                                                                  • _crt_debugger_hook.MSVCR100(00000001), ref: 6ADD3377
                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 6ADD3382
                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 6ADD3389
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 3369434319-0
                                                                                  APIs
                                                                                  • CryptGetKeyParam.ADVAPI32(?,00000007,?,?,00000000), ref: 6ADD1CE5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CryptParam
                                                                                  • String ID: %lu$<Unknown>$Exchange$Signature
                                                                                  • API String ID: 613387857-1214046568
                                                                                  APIs
                                                                                  • ??2@YAPAXI@Z.MSVCR100(00000000), ref: 6ADD259A
                                                                                  • CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,00000000,00000001,?), ref: 6ADD25CB
                                                                                  • GetLastError.KERNEL32 ref: 6ADD25D5
                                                                                    • Part of subcall function 6ADD1033: FormatMessageA.KERNEL32(00001000,00000000,?,00000000,?,00000400,00000000,00000000,?), ref: 6ADD106F
                                                                                    • Part of subcall function 6ADD1033: strcpy.MSVCR100(00000000,Unknown error), ref: 6ADD1085
                                                                                  • CryptDecrypt.ADVAPI32(?,00000000,00000001,00000000,00000000,?), ref: 6ADD2654
                                                                                  Strings
                                                                                  • java/security/KeyException, xrefs: 6ADD25DC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Crypt$??2@DecryptEncryptErrorFormatLastMessagestrcpy
                                                                                  • String ID: java/security/KeyException
                                                                                  • API String ID: 540380147-513935434
                                                                                  APIs
                                                                                  • CryptExportKey.ADVAPI32(?,00000000,00000006,00000000,00000000,?,6ADD46A8,00000014), ref: 6ADD26D0
                                                                                  • GetLastError.KERNEL32 ref: 6ADD26D6
                                                                                    • Part of subcall function 6ADD1033: FormatMessageA.KERNEL32(00001000,00000000,?,00000000,?,00000400,00000000,00000000,?), ref: 6ADD106F
                                                                                    • Part of subcall function 6ADD1033: strcpy.MSVCR100(00000000,Unknown error), ref: 6ADD1085
                                                                                  • ??2@YAPAXI@Z.MSVCR100(?), ref: 6ADD26F2
                                                                                  • CryptExportKey.ADVAPI32(?,00000000,00000006,00000000,00000000,?), ref: 6ADD2709
                                                                                  Strings
                                                                                  • java/security/KeyException, xrefs: 6ADD26DD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CryptExport$??2@ErrorFormatLastMessagestrcpy
                                                                                  • String ID: java/security/KeyException
                                                                                  • API String ID: 2237053403-513935434
                                                                                  APIs
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD1AEC,?,?,?,?,?,?,?,?,?,?,?,?,6ADD2EC9,6ADD4588), ref: 6ADD1B1E
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD1AEC,?,?,?,?,?,?,?,?,?,?,?,?,6ADD2EC9,6ADD4588), ref: 6ADD1B2C
                                                                                  • CryptDestroyHash.ADVAPI32(?,6ADD1AEC,?,?,?,?,?,?,?,?,?,?,?,?,6ADD2EC9,6ADD4588), ref: 6ADD1B3A
                                                                                  • CryptReleaseContext.ADVAPI32(?,00000000,6ADD1AEC,?,?,?,?,?,?,?,?,?,?,?,?,6ADD2EC9), ref: 6ADD1B49
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Crypt$ContextDestroyHashRelease
                                                                                  • String ID:
                                                                                  • API String ID: 1700615305-0
                                                                                  APIs
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD1904), ref: 6ADD1936
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD1904), ref: 6ADD1944
                                                                                  • CryptDestroyHash.ADVAPI32(?,6ADD1904), ref: 6ADD1952
                                                                                  • CryptReleaseContext.ADVAPI32(?,00000000,6ADD1904), ref: 6ADD1961
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Crypt$ContextDestroyHashRelease
                                                                                  • String ID:
                                                                                  • API String ID: 1700615305-0
                                                                                  APIs
                                                                                  • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,00000010), ref: 6ADD22AC
                                                                                  • GetLastError.KERNEL32 ref: 6ADD22B6
                                                                                    • Part of subcall function 6ADD1033: FormatMessageA.KERNEL32(00001000,00000000,?,00000000,?,00000400,00000000,00000000,?), ref: 6ADD106F
                                                                                    • Part of subcall function 6ADD1033: strcpy.MSVCR100(00000000,Unknown error), ref: 6ADD1085
                                                                                  Strings
                                                                                  • java/security/KeyStoreException, xrefs: 6ADD22BD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: AcquireContextCryptErrorFormatLastMessagestrcpy
                                                                                  • String ID: java/security/KeyStoreException
                                                                                  • API String ID: 1975011473-1849184896
                                                                                  APIs
                                                                                  • CryptGetKeyParam.ADVAPI32(?,00000009,?,00000004,00000000,?,?,?,?,?,?,?,6ADD4668,00000010), ref: 6ADD2529
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,6ADD4668,00000010), ref: 6ADD2533
                                                                                    • Part of subcall function 6ADD1033: FormatMessageA.KERNEL32(00001000,00000000,?,00000000,?,00000400,00000000,00000000,?), ref: 6ADD106F
                                                                                    • Part of subcall function 6ADD1033: strcpy.MSVCR100(00000000,Unknown error), ref: 6ADD1085
                                                                                  Strings
                                                                                  • java/security/KeyException, xrefs: 6ADD253A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CryptErrorFormatLastMessageParamstrcpy
                                                                                  • String ID: java/security/KeyException
                                                                                  • API String ID: 17190833-513935434
                                                                                  APIs
                                                                                  • GetLocaleInfoW.KERNEL32(?,00001004,?,00000007), ref: 6B3E69D7
                                                                                  • _wtoi.MSVCR100(?), ref: 6B3E69E5
                                                                                  • GetACP.KERNEL32 ref: 6B3E69EE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: InfoLocale_wtoi
                                                                                  • String ID:
                                                                                  • API String ID: 2158664808-0
                                                                                  APIs
                                                                                  • CryptGetProvParam.ADVAPI32(?,00000006,?,?,00000000), ref: 6ADD1C96
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CryptParamProv
                                                                                  • String ID: @Hu
                                                                                  • API String ID: 4265472505-509163104
                                                                                  APIs
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD1353), ref: 6ADD1381
                                                                                  • CryptReleaseContext.ADVAPI32(?,00000000,6ADD1353), ref: 6ADD13A5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@ContextCryptRelease
                                                                                  • String ID:
                                                                                  • API String ID: 2205233037-0
                                                                                  APIs
                                                                                  • CryptDestroyKey.ADVAPI32(?), ref: 6ADD16FC
                                                                                  • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6ADD170F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Crypt$ContextDestroyRelease
                                                                                  • String ID:
                                                                                  • API String ID: 1322390979-0
                                                                                  APIs
                                                                                  • GetKeyboardState.USER32(6B44E460), ref: 6B3F6887
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: KeyboardState
                                                                                  • String ID:
                                                                                  • API String ID: 1724228437-0
                                                                                  APIs
                                                                                  • CryptReleaseContext.ADVAPI32(?,00000000,6ADD24E1,?,?,?,?,00000000,6ADD4648,00000010), ref: 6ADD24F9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ContextCryptRelease
                                                                                  • String ID:
                                                                                  • API String ID: 829835001-0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: wcsstr
                                                                                  • String ID: ANSI_CHARSET$ARABIC_CHARSET$BALTIC_CHARSET$CHINESEBIG5_CHARSET$DEFAULT_CHARSET$EASTEUROPE_CHARSET$GB2312_CHARSET$GREEK_CHARSET$HANGEUL_CHARSET$HEBREW_CHARSET$JOHAB_CHARSET$MAC_CHARSET$OEM_CHARSET$RUSSIAN_CHARSET$SHIFTJIS_CHARSET$SYMBOL_CHARSET$THAI_CHARSET$TURKISH_CHARSET$VIETNAMESE_CHARSET$WingDings
                                                                                  • API String ID: 2735924446-499274865
                                                                                  APIs
                                                                                    • Part of subcall function 6B39AA50: J2dTraceImpl.AWT(00000001,00000001,OGLContext_IsExtensionAvailable: extension string is null,00000000,?,6B39AD05,00000000,GL_ARB_fragment_shader), ref: 6B39AA68
                                                                                    • Part of subcall function 6B39AA50: strlen.MSVCR100 ref: 6B39AA79
                                                                                    • Part of subcall function 6B39AA50: strcspn.MSVCR100 ref: 6B39AA96
                                                                                    • Part of subcall function 6B39AA50: strlen.MSVCR100 ref: 6B39AA9F
                                                                                    • Part of subcall function 6B39AA50: strncmp.MSVCR100 ref: 6B39AAAE
                                                                                    • Part of subcall function 6B39AA50: J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsExtensionAvailable: %s=%s,?,false,00000000,6B3BD391,?,?,?,?,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B39AAD7
                                                                                  • getenv.MSVCR100 ref: 6B39AD53
                                                                                  • _JNU_GetStaticFieldByName@20.JAVA(?,00000000,sun/java2d/opengl/OGLSurfaceData,isBIOpShaderEnabled,6B409480,?,?,00000000), ref: 6B39ADAD
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsBIOpShaderSupportAvailable: disabled via flag,?,00000000,sun/java2d/opengl/OGLSurfaceData,isBIOpShaderEnabled,6B409480,?,?,00000000), ref: 6B39ADC3
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsBIOpShaderSupportAvailable: BufferedImageOp shader supported,?,00000000,sun/java2d/opengl/OGLSurfaceData,isBIOpShaderEnabled,6B409480,?,?,00000000), ref: 6B39ADD6
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • _JNU_GetStaticFieldByName@20.JAVA(?,00000000,sun/java2d/opengl/OGLSurfaceData,isGradShaderEnabled,6B409480,sun/java2d/opengl/OGLSurfaceData,isBIOpShaderEnabled,6B409480,?,?,00000000), ref: 6B39ADF6
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsGradShaderSupportAvailable: disabled via flag,?,00000000,sun/java2d/opengl/OGLSurfaceData,isGradShaderEnabled,6B409480,sun/java2d/opengl/OGLSurfaceData,isBIOpShaderEnabled,6B409480,?,?,00000000), ref: 6B39AE0C
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsGradShaderSupportAvailable: Linear/RadialGradientPaint shader supported,?,00000000,sun/java2d/opengl/OGLSurfaceData,isGradShaderEnabled,6B409480,sun/java2d/opengl/OGLSurfaceData,isBIOpShaderEnabled,6B409480,?,?,00000000), ref: 6B39AE1F
                                                                                  • strncmp.MSVCR100 ref: 6B39AEB9
                                                                                  • strncmp.MSVCR100 ref: 6B39AEDE
                                                                                  • strncmp.MSVCR100 ref: 6B39AF0A
                                                                                  Strings
                                                                                  • GL_NV_fragment_program2, xrefs: 6B39AE40
                                                                                  • NVIDIA, xrefs: 6B39AED8
                                                                                  • OGLContext_IsBIOpShaderSupportAvailable: BufferedImageOp shader supported, xrefs: 6B39ADCD
                                                                                  • OGLContext_IsGradShaderSupportAvailable: disabled via flag, xrefs: 6B39AE03
                                                                                  • GL_ARB_multitexture, xrefs: 6B39AD0E
                                                                                  • GL_ARB_fragment_program, xrefs: 6B39AE54
                                                                                  • Intel, xrefs: 6B39AF04
                                                                                  • OGLContext_IsGradShaderSupportAvailable: Linear/RadialGradientPaint shader supported, xrefs: 6B39AE16
                                                                                  • ATI, xrefs: 6B39AEB3
                                                                                  • sun/java2d/opengl/OGLSurfaceData, xrefs: 6B39ADA5, 6B39ADEE
                                                                                  • GL_ARB_texture_non_power_of_two, xrefs: 6B39AD27
                                                                                  • OGLContext_IsBIOpShaderSupportAvailable: disabled via flag, xrefs: 6B39ADBA
                                                                                  • GL_NV_texture_barrier, xrefs: 6B39AE8B
                                                                                  • isBIOpShaderEnabled, xrefs: 6B39ADA0
                                                                                  • GL_ARB_fragment_shader, xrefs: 6B39ACFA
                                                                                  • GL_ARB_texture_rectangle, xrefs: 6B39AD3C
                                                                                  • GL_NV_fragment_program, xrefs: 6B39AE2D
                                                                                  • J2D_OGL_TEXRECT, xrefs: 6B39AD4E
                                                                                  • isGradShaderEnabled, xrefs: 6B39ADE9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$strncmp$FieldName@20Staticfprintfstrlen$Init@0fflushgetenvstrcspnvfprintf
                                                                                  • String ID: ATI$GL_ARB_fragment_program$GL_ARB_fragment_shader$GL_ARB_multitexture$GL_ARB_texture_non_power_of_two$GL_ARB_texture_rectangle$GL_NV_fragment_program$GL_NV_fragment_program2$GL_NV_texture_barrier$Intel$J2D_OGL_TEXRECT$NVIDIA$OGLContext_IsBIOpShaderSupportAvailable: BufferedImageOp shader supported$OGLContext_IsBIOpShaderSupportAvailable: disabled via flag$OGLContext_IsGradShaderSupportAvailable: Linear/RadialGradientPaint shader supported$OGLContext_IsGradShaderSupportAvailable: disabled via flag$isBIOpShaderEnabled$isGradShaderEnabled$sun/java2d/opengl/OGLSurfaceData
                                                                                  • API String ID: 3318883300-1738552187
                                                                                  • Opcode ID: 45a5a69ffa8405be65b9c60ddcc40ebf8e8308601a2bc8e5bcce062b1aec2bc1
                                                                                  • Instruction ID: c4a4e71e92c6954f1a5116d7dd02940f7693cb86115a19d12b086a2641bf5f7a
                                                                                  • Opcode Fuzzy Hash: 45a5a69ffa8405be65b9c60ddcc40ebf8e8308601a2bc8e5bcce062b1aec2bc1
                                                                                  • Instruction Fuzzy Hash: CE510871F483016BEB00BB28BD42F6A77A4EF4174DF004164FD9576282F76F921986BA
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog3_catchwcscmp
                                                                                  • String ID: Arial$Courier$Courier New$Dialog$DialogInput$Helvetica$MS Sans Serif$Monospaced$SansSerif$Serif$Times New Roman$TimesRoman$WingDings$ZapfDingbats
                                                                                  • API String ID: 1789132593-793057055
                                                                                  • Opcode ID: 9b85d765050ab0b7c3e721aeb061796cf4c0e2d35a5d0e07b496ad802a2ac917
                                                                                  • Instruction ID: 30c24796dd2c142aafee76426ff42429e14264a4235b7236a58d9e472c2807d2
                                                                                  • Opcode Fuzzy Hash: 9b85d765050ab0b7c3e721aeb061796cf4c0e2d35a5d0e07b496ad802a2ac917
                                                                                  • Instruction Fuzzy Hash: 5FB1D636A04206EFDF119FA4CC49EAE7BB9FF49314F200069F850B6290DB3A9911DF65
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::CheckDeviceCaps: adapter %d: Failed (cap %s not supported),?,D3DPBLENDCAPS_ZERO), ref: 6B368994
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::CheckDeviceCaps: adapter %d: Failed (pixel shaders 2.0 required),?), ref: 6B368B21
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,D3DPPLM::CheckDeviceCaps: adapter %d: Passed,?), ref: 6B368B38
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  Strings
                                                                                  • D3DPCMPCAPS_LESS, xrefs: 6B368A4F
                                                                                  • D3DPBLENDCAPS_INVSRCALPHA, xrefs: 6B368A99
                                                                                  • D3DPCMPCAPS_ALWAYS, xrefs: 6B368A41
                                                                                  • D3DPMISCCAPS_MASKZ, xrefs: 6B368A2F
                                                                                  • D3DPPLM::CheckDeviceCaps: adapter %d: Failed (pixel shaders 2.0 required), xrefs: 6B368B18
                                                                                  • D3DPBLENDCAPS_ZERO, xrefs: 6B368A61
                                                                                  • D3DPPLM::CheckDeviceCaps: adapter %d: Passed, xrefs: 6B368B2F
                                                                                  • D3DDEVCAPS_DRAWPRIMTLVERTEX, xrefs: 6B368985
                                                                                  • , xrefs: 6B3689FA
                                                                                  • D3DPBLENDCAPS_INVDESTALPHA, xrefs: 6B368AA7
                                                                                  • D3DDEVCAPS_HWTRANSFORMANDLIGHT, xrefs: 6B3689CD
                                                                                  • D3DPBLENDCAPS_ONE, xrefs: 6B368A6F
                                                                                  • D3DPMISCCAPS_BLENDOP, xrefs: 6B368A21
                                                                                  • D3DDEVCAPS_HWRASTERIZATION, xrefs: 6B3689E2
                                                                                  • D3DPTADDRESSCAPS_CLAMP, xrefs: 6B368AD5
                                                                                  • D3DPBLENDCAPS_DESTALPHA, xrefs: 6B368A8B
                                                                                  • D3DCAPS3_ALPHA_FULLSCREEN_FLIP_OR_DISCARD, xrefs: 6B368A01
                                                                                  • D3DPTADDRESSCAPS_WRAP, xrefs: 6B368AE3
                                                                                  • D3DPBLENDCAPS_SRCALPHA, xrefs: 6B368A7D
                                                                                  • D3DTEXOPCAPS_MODULATE, xrefs: 6B368AF7
                                                                                  • D3DPMISCCAPS_CULLNONE, xrefs: 6B368A10
                                                                                  • D3DPRASTERCAPS_SCISSORTEST, xrefs: 6B3689F3
                                                                                  • D3DPPLM::CheckDeviceCaps: adapter %d: Failed (cap %s not supported), xrefs: 6B36898B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                  • String ID: $D3DCAPS3_ALPHA_FULLSCREEN_FLIP_OR_DISCARD$D3DDEVCAPS_DRAWPRIMTLVERTEX$D3DDEVCAPS_HWRASTERIZATION$D3DDEVCAPS_HWTRANSFORMANDLIGHT$D3DPBLENDCAPS_DESTALPHA$D3DPBLENDCAPS_INVDESTALPHA$D3DPBLENDCAPS_INVSRCALPHA$D3DPBLENDCAPS_ONE$D3DPBLENDCAPS_SRCALPHA$D3DPBLENDCAPS_ZERO$D3DPCMPCAPS_ALWAYS$D3DPCMPCAPS_LESS$D3DPMISCCAPS_BLENDOP$D3DPMISCCAPS_CULLNONE$D3DPMISCCAPS_MASKZ$D3DPPLM::CheckDeviceCaps: adapter %d: Failed (cap %s not supported)$D3DPPLM::CheckDeviceCaps: adapter %d: Failed (pixel shaders 2.0 required)$D3DPPLM::CheckDeviceCaps: adapter %d: Passed$D3DPRASTERCAPS_SCISSORTEST$D3DPTADDRESSCAPS_CLAMP$D3DPTADDRESSCAPS_WRAP$D3DTEXOPCAPS_MODULATE
                                                                                  • API String ID: 1961874229-2265019216
                                                                                  • Opcode ID: ad21c6d71234212e6db8c8fd626c5d14650745efe460e1802eb25a23e1b9d773
                                                                                  • Instruction ID: be12167de53c8c2f0efe1bf34bcdfe5af119a10141bcb464f8b7b959ef1df5ae
                                                                                  • Opcode Fuzzy Hash: ad21c6d71234212e6db8c8fd626c5d14650745efe460e1802eb25a23e1b9d773
                                                                                  • Instruction Fuzzy Hash: AF415270F5D281A9D61085188A11FA667E46B5F7DCF085D4BEDC8B6189F21F84438573
                                                                                  APIs
                                                                                  • GlobalAlloc.KERNEL32(00000040,6B3EDDC0,?,00000002,00000000,00000000,6B3EDDC0,00000000,?,?,00000000,?,?,?,?,6B3EDDC0), ref: 6B3ECBF6
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6B3ECC19
                                                                                  • _control87.MSVCR100 ref: 6B3ECC42
                                                                                  • _control87.MSVCR100 ref: 6B3ECC5D
                                                                                  • _control87.MSVCR100 ref: 6B3ECC6B
                                                                                  • GlobalAlloc.KERNEL32(00000042,?,?,?,?), ref: 6B3ECC79
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B3ECC87
                                                                                  • _control87.MSVCR100 ref: 6B3ECCA6
                                                                                  • _control87.MSVCR100 ref: 6B3ECCB4
                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B3ECCC1
                                                                                  • GlobalAlloc.KERNEL32(00000042,?,?,?,00000002,00000000,6B3EDDC0,?,?,?,?,6B3EDDC0,?,?,?), ref: 6B3ECCD7
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6B3ECCE5
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B3ECCEE
                                                                                  • GlobalFree.KERNEL32(?), ref: 6B3ECD01
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6B3ECD04
                                                                                  • memcpy.MSVCR100(00000000,?,?,?,?,?,6B3EDDC0,?,?,?), ref: 6B3ECD21
                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B3ECD2C
                                                                                  • wcslen.MSVCR100 ref: 6B3ECD43
                                                                                  • wcslen.MSVCR100 ref: 6B3ECD4B
                                                                                  • wcslen.MSVCR100 ref: 6B3ECD56
                                                                                  • GlobalAlloc.KERNEL32(00000042,?,?,?,?,?,?,?,?,?,?,6B3EDDC0,?,?,?), ref: 6B3ECD70
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B3ECD7A
                                                                                  • memcpy.MSVCR100(00000008,?,00000000,?,?,?,?,?,?,?,?,?,6B3EDDC0,?,?,?), ref: 6B3ECD94
                                                                                  • memcpy.MSVCR100(?,?,?,00000008,?,00000000,?,?,?,?,?,?,?,?,?,6B3EDDC0), ref: 6B3ECDB1
                                                                                  • memcpy.MSVCR100(?,?,?,?,?,?,00000008,?,00000000), ref: 6B3ECDD2
                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B3ECDE4
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6B3ECDEB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$Free_control87$Allocmemcpy$LockUnlockwcslen
                                                                                  • String ID:
                                                                                  • API String ID: 1392141960-0
                                                                                  • Opcode ID: d7bb7d125ffe520750cf456f494bef2e08bed376c71c4b21f2de6fea23f0acf2
                                                                                  • Instruction ID: 3ca872d794472612c289a523987bde1a0a6d768324bf05ef6a41359c84307cca
                                                                                  • Opcode Fuzzy Hash: d7bb7d125ffe520750cf456f494bef2e08bed376c71c4b21f2de6fea23f0acf2
                                                                                  • Instruction Fuzzy Hash: D1716DB1900219BFDF009FA4CD85EBEBFB8EF09314B10446AF954E2151EB3AD955DBA0
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT ref: 6B3BCD1E
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_GetPixelFormatForDC: error choosing pixel format), ref: 6B3BCD4A
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_GetPixelFormatForDC: no pixel formats found), ref: 6B3BCD66
                                                                                  Strings
                                                                                  • false (large depth), xrefs: 6B3BCE28
                                                                                  • + , xrefs: 6B3BCCD5
                                                                                  • WGLGC_GetPixelFormatForDC: error choosing pixel format, xrefs: 6B3BCD43
                                                                                  • " , xrefs: 6B3BCDBC
                                                                                  • " , xrefs: 6B3BCD01
                                                                                  • candidate pixel formats:, xrefs: 6B3BCD75
                                                                                  • WGLGC_GetPixelFormatForDC: no pixel formats found, xrefs: 6B3BCD5F
                                                                                  • - , xrefs: 6B3BCCE9
                                                                                  • true, xrefs: 6B3BCE12
                                                                                  • [V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=, xrefs: 6B3BCDFB
                                                                                  • WGLGC_GetPixelFormatForDC: chose %d as the best pixel format, xrefs: 6B3BCE6D
                                                                                  • # , xrefs: 6B3BCDC4
                                                                                  • WGLGC_GetPixelFormatForDC, xrefs: 6B3BCCBD
                                                                                  • WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt, xrefs: 6B3BCE59
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                   • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                   • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                   • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                   • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                   • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                   • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                   • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                   • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                   • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                   • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                  • String ID: candidate pixel formats:$" $" $# $+ $- $WGLGC_GetPixelFormatForDC$WGLGC_GetPixelFormatForDC: chose %d as the best pixel format$WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt$WGLGC_GetPixelFormatForDC: error choosing pixel format$WGLGC_GetPixelFormatForDC: no pixel formats found$[V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=$false (large depth)$true
                                                                                  • API String ID: 1961874229-499134102
                                                                                  • Opcode ID: 84008c84fd8650c0c75d51e6bb6325425556d7ee645e66e8b42547eb604efce2
                                                                                  • Instruction ID: 7cb6c7e387c81cec72cc90115302048ad727db38fd5dfe180c14154c85397aeb
                                                                                  • Opcode Fuzzy Hash: 84008c84fd8650c0c75d51e6bb6325425556d7ee645e66e8b42547eb604efce2
                                                                                  • Instruction Fuzzy Hash: 315162B1A58350ABE3209F65C889F5BBBE8FF95708F10091DF69466240D7B99508CBA3
                                                                                  APIs
                                                                                  • getenv.MSVCR100 ref: 6B368857
                                                                                  • J2dTraceImpl.AWT(00000002,00000000,[W] D3DPPLM::SelectDeviceType: ), ref: 6B368879
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • strncmp.MSVCR100 ref: 6B36888C
                                                                                  • strncmp.MSVCR100 ref: 6B36889D
                                                                                  • strncmp.MSVCR100 ref: 6B3688AE
                                                                                  • strncmp.MSVCR100 ref: 6B3688BF
                                                                                  • strncmp.MSVCR100 ref: 6B3688D0
                                                                                  • J2dTraceImpl.AWT(00000002,00000000,nullref rasterizer selected), ref: 6B3688E1
                                                                                  • J2dTraceImpl.AWT(00000002,00000000,unknown rasterizer: %s, only (ref|hal|nul) supported, hal selected instead,00000000), ref: 6B3688F7
                                                                                  • J2dTraceImpl.AWT(00000002,00000000,hal rasterizer selected), ref: 6B36890A
                                                                                  • J2dTraceImpl.AWT(00000002,00000000,ref rasterizer selected), ref: 6B36891A
                                                                                  • J2dTraceImpl.AWT(00000002,00000000,6B418D84), ref: 6B368930
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$strncmp$fprintf$Init@0fflushgetenvvfprintf
                                                                                  • String ID: J2D_D3D_RASTERIZER$[W] D3DPPLM::SelectDeviceType: $hal$hal rasterizer selected$nul$nullref rasterizer selected$ref$ref rasterizer selected$rgb$tnl$unknown rasterizer: %s, only (ref|hal|nul) supported, hal selected instead
                                                                                  • API String ID: 3195847988-1892569255
                                                                                  • Opcode ID: ec34436d68aeeb5d19fa42ffb5247bed971f7a0482e5f64a9dcfc3299972561e
                                                                                  • Instruction ID: 01b58eba389edcfd06b0c968096391e4b60bcad14a9c4dc07c72abb19dea442c
                                                                                  • Opcode Fuzzy Hash: ec34436d68aeeb5d19fa42ffb5247bed971f7a0482e5f64a9dcfc3299972561e
                                                                                  • Instruction Fuzzy Hash: 5C11A370BA83A072F61025255D57FBA27AC8F47B8CF150025FE58B82C7F68F920580B7
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Globalfabsfree$_control87$LockUnlock$_wcsdup$ExceptionThrow
                                                                                  • String ID:
                                                                                  • API String ID: 2712839795-0
                                                                                  • Opcode ID: 242373225fb357c8daa7815f8f44bff0055152cd1f6fd719dd91e839cc682432
                                                                                  • Instruction ID: 84d717e78d2c1003ae3b9aa322f978074edf8ca924d5219d0e85b1f1ecaa965c
                                                                                  • Opcode Fuzzy Hash: 242373225fb357c8daa7815f8f44bff0055152cd1f6fd719dd91e839cc682432
                                                                                  • Instruction Fuzzy Hash: D0E1A031D0021EEADF00AFA4D9446EEBFB4FF45350F61419BE9A076190DF3A9961DBA0
                                                                                  APIs
                                                                                  • GetSystemDefaultLangID.KERNEL32 ref: 6B3FA9CC
                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,EUDC\936,00000000,00020019,?), ref: 6B3FAA5B
                                                                                  • RegQueryValueExW.ADVAPI32(?,SystemDefaultEUDCFont,00000000,?,?,?), ref: 6B3FAA83
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 6B3FAA8E
                                                                                  • wcsstr.MSVCR100 ref: 6B3FAAB8
                                                                                  • _wgetenv.MSVCR100 ref: 6B3FAAC9
                                                                                  • wcscmp.MSVCR100 ref: 6B3FAB21
                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000105), ref: 6B3FAB36
                                                                                  • wcslen.MSVCR100 ref: 6B3FAB64
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseDefaultDirectoryLangOpenQuerySystemValueWindows_wgetenvwcscmpwcslenwcsstr
                                                                                  • String ID: %SystemRoot%$%s%s$%s\FONTS\EUDC.TTE$EUDC.TTE$EUDC\1252$EUDC\932$EUDC\936$EUDC\949$EUDC\950$SystemDefaultEUDCFont$SystemRoot
                                                                                  • API String ID: 3696901863-1206960182
                                                                                  • Opcode ID: 8ad2aa69c9b84e484fad77b862c98d51bf91488c87f9d30a0a8e3c9ed11f333b
                                                                                  • Instruction ID: 645d162df4b30196f42b0363010d52256b033bc81b429013bdb92fa22d6b2f14
                                                                                  • Opcode Fuzzy Hash: 8ad2aa69c9b84e484fad77b862c98d51bf91488c87f9d30a0a8e3c9ed11f333b
                                                                                  • Instruction Fuzzy Hash: 2F41C675B001049FEF34EB68DD44EDA33BCEF45314F50402DEA96D7185EB7A964A8B21
                                                                                  APIs
                                                                                  • GetVersion.KERNEL32(00000000), ref: 6B3CE22A
                                                                                    • Part of subcall function 6B3CDC8F: _JNU_GetEnv@8.JAVA(00010002,?,00000000,?,6B3CE267,win.frame.captionFont,?), ref: 6B3CDCA7
                                                                                    • Part of subcall function 6B3CDC8F: wcslen.MSVCR100 ref: 6B3CDCBC
                                                                                    • Part of subcall function 6B3CDC8F: _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3CDCEC
                                                                                    • Part of subcall function 6B3CDC8F: _JNU_GetEnv@8.JAVA(00010002), ref: 6B3CDD1D
                                                                                    • Part of subcall function 6B3CDC8F: wcslen.MSVCR100 ref: 6B3CDD27
                                                                                    • Part of subcall function 6B3CDC8F: _JNU_GetEnv@8.JAVA(00010002), ref: 6B3CDD40
                                                                                    • Part of subcall function 6B3CDC8F: _JNU_GetEnv@8.JAVA(00010002), ref: 6B3CDD79
                                                                                    • Part of subcall function 6B3CDC8F: _JNU_GetEnv@8.JAVA(00010002), ref: 6B3CDD8C
                                                                                    • Part of subcall function 6B3CD8BC: _JNU_GetEnv@8.JAVA(00010002,?,00000000,?,?,6B3CEB84,win.properties.version,00000003,?,?,6B3CEC15), ref: 6B3CD8D0
                                                                                    • Part of subcall function 6B3CD8BC: wcslen.MSVCR100 ref: 6B3CD8DA
                                                                                    • Part of subcall function 6B3CD8BC: _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3CD907
                                                                                    • Part of subcall function 6B3CD8BC: _JNU_GetEnv@8.JAVA(00010002,?,?,6B3CEB84,win.properties.version,00000003,?,?,6B3CEC15), ref: 6B3CD913
                                                                                    • Part of subcall function 6B3CD8BC: _JNU_GetEnv@8.JAVA(00010002), ref: 6B3CD934
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8$wcslen$ExceptionThrow$Version
                                                                                  • String ID: win.frame.captionButtonHeight$win.frame.captionButtonWidth$win.frame.captionFont$win.frame.captionHeight$win.frame.sizingBorderWidth$win.frame.smallCaptionButtonHeight$win.frame.smallCaptionButtonWidth$win.frame.smallCaptionFont$win.frame.smallCaptionHeight$win.menu.buttonWidth$win.menu.font$win.menu.height$win.messagebox.font$win.scrollbar.height$win.scrollbar.width$win.status.font$win.tooltip.font
                                                                                  • API String ID: 2390684449-2548947993
                                                                                  • Opcode ID: 01e9a82cd57e39053a0ac4c1b1aaaa1e58f508bff6b62e6ba957c39e5b7575b3
                                                                                  • Instruction ID: 30858a626d4cdf30931268a9e52ba4b655377b8ca232c64e330e98dbcfcd9b6e
                                                                                  • Opcode Fuzzy Hash: 01e9a82cd57e39053a0ac4c1b1aaaa1e58f508bff6b62e6ba957c39e5b7575b3
                                                                                  • Instruction Fuzzy Hash: CE31A6317801687BEF256BB48C25EFE7FA6DF44708F400199F85962340DF785E84ABA6
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                   • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                   • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                   • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: strcmp
                                                                                  • String ID: MD2$MD5$SHA$SHA-1$SHA-256$SHA-384$SHA-512$SHA1$SHA1+MD5
                                                                                  • API String ID: 1004003707-3948903587
                                                                                  • Opcode ID: ff9b1ae0cefe076e01b6f14387f4c939a006ccb5bba05d8f0c643e32a7795534
                                                                                  • Instruction ID: c2c831256b1f1d9f65526d2632a9d22e8744077bbf57f4748f66cdb3a0f8afad
                                                                                  • Opcode Fuzzy Hash: ff9b1ae0cefe076e01b6f14387f4c939a006ccb5bba05d8f0c643e32a7795534
                                                                                  • Instruction Fuzzy Hash: 5C21653A68C342BEB2783B55DC98D071ABCDB87768F13456EF980851B1EE01984EC735
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: lstrcmplstrlenwcscpy_swcsncpy
                                                                                  • String ID: ERROR$INFO$NONE$WARNING$l:@k):@kb:@kX:@kN:@kD:@k
                                                                                  • API String ID: 3272366325-280749744
                                                                                  • Opcode ID: 926db839af851673d1cd96f12873c0129ca8b9f63f234fa511b54d38ca44b80f
                                                                                  • Instruction ID: b9a0e851fb22fc3b47e8996600970542b8828016448eb8c862434c535e0ebaa4
                                                                                  • Opcode Fuzzy Hash: 926db839af851673d1cd96f12873c0129ca8b9f63f234fa511b54d38ca44b80f
                                                                                  • Instruction Fuzzy Hash: 5331CD70A95301EBD324AB36CC49F9BB3ECEF41710F00581DE54AE7181DB7AA1458B36
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: free$ExceptionH_prolog3_catchThrow
                                                                                  • String ID: ColorName$DllName$SizeName$ThemeActive$f4@k\4@kR4@kH4@k$win.xpstyle.colorName$win.xpstyle.dllName$win.xpstyle.sizeName$win.xpstyle.themeActive
                                                                                  • API String ID: 2975937513-2570319662
                                                                                  • Opcode ID: e12bb87758a1f3162d5ed0a243b63e9d3cbcfbc3a50aca45844c106357de14a9
                                                                                  • Instruction ID: 9cf1a1d85e48826a495040088d42df541d27987ebbb7101ca5405423eb8589df
                                                                                  • Opcode Fuzzy Hash: e12bb87758a1f3162d5ed0a243b63e9d3cbcfbc3a50aca45844c106357de14a9
                                                                                  • Instruction Fuzzy Hash: 9D216032E541599F9B14AFF89C92C7F7BF6EA85298B20002EE254A7240CF395D41D7A3
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000002,00000001,D3DPPLM::CreateDefaultFocusWindow: existing default focus window!), ref: 6B368CC0
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • memset.MSVCR100 ref: 6B368CE5
                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 6B368CF5
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::CreateDefaultFocusWindow: error registering window class), ref: 6B368D26
                                                                                  Strings
                                                                                  • (, xrefs: 6B368D55
                                                                                  • D3DPPLM::CreateDefaultFocusWindow: error registering window class, xrefs: 6B368D1D
                                                                                  • D3DPPLM::CreateDefaultFocusWindow: error getting monitor info for adapter=%d, xrefs: 6B368DF1
                                                                                  • D3DFocusWindow, xrefs: 6B368D0A, 6B368D9D, 6B368DA2
                                                                                  • D3DPPLM::CreateDefaultFocusWindow: existing default focus window!, xrefs: 6B368CB7
                                                                                  • D3DPPLM::CreateDefaultFocusWindow: CreateWindow failed, xrefs: 6B368DB5
                                                                                  Similarity
                                                                                  • API ID: Trace$Implfprintf$HandleInit@0Modulefflushmemsetvfprintf
                                                                                  • String ID: ($D3DFocusWindow$D3DPPLM::CreateDefaultFocusWindow: CreateWindow failed$D3DPPLM::CreateDefaultFocusWindow: error getting monitor info for adapter=%d$D3DPPLM::CreateDefaultFocusWindow: error registering window class$D3DPPLM::CreateDefaultFocusWindow: existing default focus window!
                                                                                  • API String ID: 4014809333-1279274881
                                                                                  • Opcode ID: 4d0a505de5204abe2f7d5f3de0c47a7d3e2e4dafe1ebd6ebeee5bee4b0dbc8cf
                                                                                  • Instruction ID: cb87bb1bd2d381cad4159b3d910a7a50975bd9f348fb6371a9253ca4705e0e70
                                                                                  • Opcode Fuzzy Hash: 4d0a505de5204abe2f7d5f3de0c47a7d3e2e4dafe1ebd6ebeee5bee4b0dbc8cf
                                                                                  • Instruction Fuzzy Hash: 0741B671B443407BE610AB68CC47F5AB3A5AF94748F40452DF6499A1C0EBE9D41487E3
                                                                                  APIs
                                                                                  • ?UpdateState@D3DContext@@QAEJC@Z.AWT(00000000), ref: 6B36A787
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,6B44BDA0), ref: 6B36A79F
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_FlushBuffer: failed to get context,?,6B44BDA0), ref: 6B36A7B3
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(?,6B44BDA0), ref: 6B36A7DE
                                                                                    • Part of subcall function 6B364FB0: ?Render@D3DVertexCacher@@QAEJH@Z.AWT(00000000), ref: 6B364FC5
                                                                                  • ?SetRenderTarget@D3DContext@@QAEJPAUIDirect3DSurface9@@@Z.AWT(?,?,6B44BDA0), ref: 6B36A800
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Context@@$Manager@@Pipeline$Context@Context@@@Scene@$Cacher@@CallDirect3ImplInstance@MethodNameRenderRender@State@Surface9@@@Sync@Target@TraceUpdateVertex
                                                                                  • String ID: ()V$D3DRQ_FlushBuffer: failed to get context$run
                                                                                  • API String ID: 1862989597-2912635533
                                                                                  • Opcode ID: 622bb7149356bef36d7cea49c4eaf3e039969a2b377d3650f58c1181342a478b
                                                                                  • Instruction ID: 04ef1693352dc584e005955f26571d1776862cdc5a537c4bcf6fd7d6011fdc98
                                                                                  • Opcode Fuzzy Hash: 622bb7149356bef36d7cea49c4eaf3e039969a2b377d3650f58c1181342a478b
                                                                                  • Instruction Fuzzy Hash: 6241AEB57042154FDB44EB79C9D1B2A73A5EFC9384F1000A8E949CB359FB7AE811DBA0
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3EE78A
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                    • Part of subcall function 6B3EC6AB: _JNU_GetFieldByName@20.JAVA(?,?,?,6B3EDF31,6B40946C,?,?,?,6B3EDF31,?,?,?,00000048), ref: 6B3EC6C1
                                                                                  • _control87.MSVCR100 ref: 6B3EE7F8
                                                                                    • Part of subcall function 6B3EC798: fabs.MSVCR100 ref: 6B3EC805
                                                                                    • Part of subcall function 6B3EC798: fabs.MSVCR100 ref: 6B3EC824
                                                                                    • Part of subcall function 6B3EC798: GlobalLock.KERNEL32(?), ref: 6B3EC85C
                                                                                    • Part of subcall function 6B3EC798: GlobalUnlock.KERNEL32(?), ref: 6B3EC876
                                                                                  • GlobalLock.KERNEL32(?), ref: 6B3EE888
                                                                                  • GlobalLock.KERNEL32(?), ref: 6B3EE8DA
                                                                                  • _wcsdup.MSVCR100 ref: 6B3EE8E8
                                                                                  • _control87.MSVCR100 ref: 6B3EE91D
                                                                                  • _control87.MSVCR100 ref: 6B3EE92B
                                                                                  • free.MSVCR100 ref: 6B3EE93A
                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B3EE94C
                                                                                  • _control87.MSVCR100 ref: 6B3EE95E
                                                                                  • _control87.MSVCR100 ref: 6B3EE96C
                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B3EE978
                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B3EE989
                                                                                  • _control87.MSVCR100 ref: 6B3EE9A2
                                                                                  • _control87.MSVCR100 ref: 6B3EE9B0
                                                                                  Similarity
                                                                                  • API ID: Global_control87$Unlock$Lock$fabs$CreateCurrentEnv@8EventExceptionFieldH_prolog3_catchName@20ObjectSingleThreadThrowWait_wcsdupfree
                                                                                  • String ID:
                                                                                  • API String ID: 1525313426-0
                                                                                  • Opcode ID: f3b20af8ea1fca5d9a9b8d50f1912b84be310d0fcd64b7486f25524ad2588b19
                                                                                  • Instruction ID: dca18825c49f3f704c488c6777181b74613cde04693327949bbd59dc6e93667f
                                                                                  • Opcode Fuzzy Hash: f3b20af8ea1fca5d9a9b8d50f1912b84be310d0fcd64b7486f25524ad2588b19
                                                                                  • Instruction Fuzzy Hash: 1E619272904229AFDF50AFB4DC45CEE7BB8EF09314B20446FF550A60A0DF3A9955DBA0
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,BufferedMaskBlit_enqueueTile: srcOps is null), ref: 6B354D9E
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,BufferedMaskBlit_enqueueTile: cannot get direct buffer address), ref: 6B354DBA
                                                                                  Strings
                                                                                  • BufferedMaskBlit_enqueueTile: cannot get direct buffer address, xrefs: 6B354DB1
                                                                                  • BufferedMaskBlit_enqueueTile: could not acquire lock, xrefs: 6B354E50
                                                                                  • BufferedMaskBlit_enqueueTile: mask array too large, xrefs: 6B354DF4
                                                                                  • BufferedMaskBlit_enqueueTile: cannot lock mask array, xrefs: 6B354ED6
                                                                                  • BufferedMaskBlit_enqueueTile: mask array is null, xrefs: 6B354DCF
                                                                                  • BufferedMaskBlit_enqueueTile: srcOps is null, xrefs: 6B354D95
                                                                                  Similarity
                                                                                  • API ID: Trace$Implfprintf$Init@0fflushvfprintf
                                                                                  • String ID: BufferedMaskBlit_enqueueTile: cannot get direct buffer address$BufferedMaskBlit_enqueueTile: cannot lock mask array$BufferedMaskBlit_enqueueTile: could not acquire lock$BufferedMaskBlit_enqueueTile: mask array is null$BufferedMaskBlit_enqueueTile: mask array too large$BufferedMaskBlit_enqueueTile: srcOps is null
                                                                                  • API String ID: 1389929741-1464262851
                                                                                  • Opcode ID: 5c92f2b09d99c2e5a375c6a9a2b8bce863d2644cc001d9a3eeef009e4de53582
                                                                                  • Instruction ID: 480f7cb7df2e4bee735c9c0813657165baa0713e333211941ef6a1ba7d40f606
                                                                                  • Opcode Fuzzy Hash: 5c92f2b09d99c2e5a375c6a9a2b8bce863d2644cc001d9a3eeef009e4de53582
                                                                                  • Instruction Fuzzy Hash: 63F19E716083968FD324CF59C880B6AB7E0FFC5304F05493CE99887242D779EA65CBA2
                                                                                  APIs
                                                                                  • _GrPrim_Sg2dGetPixel@8.AWT ref: 6B374303
                                                                                  • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,polygon length array size), ref: 6B374376
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,coordinate array), ref: 6B3745ED
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8Throw$ArrayBoundsIndexNullPixel@8PointerPrim_Sg2d
                                                                                  • String ID: coordinate array$coordinate array length$polygon length array$polygon length array size
                                                                                  • API String ID: 3307046617-438434412
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$wcslen$LockUnlock$wcscmp
                                                                                  • String ID: $ $FILE:$f4@k\4@kR4@kH4@k
                                                                                  • API String ID: 4049719868-1354521056
                                                                                  APIs
                                                                                  • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT ref: 6B36A816
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(00000000,6B44BDA0), ref: 6B36A83B
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(00000000,6B44BDA0), ref: 6B36A862
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Manager@@Pipeline$Context@@$Context@Context@@@Scene@$AdapterCallInstance@MethodNameOrdinalScreen@Sync@
                                                                                  • String ID: ()V$D3DRQ_FlushBuffer: failed to get context$run
                                                                                  • API String ID: 1592665751-2912635533
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,?,?,6B3E63E6,00000000,?,00000000), ref: 6B3E6A12
                                                                                  • wcslen.MSVCR100 ref: 6B3E6A23
                                                                                  • _CxxThrowException.MSVCR100(00000000,6B429388), ref: 6B3E6A53
                                                                                  • JNU_NewObjectByName.JAVA(?,java/lang/OutOfMemoryError,(Ljava/lang/String;)V,00000000,00000000,6B429388,?,6B3E63E6,00000000,?,00000000), ref: 6B3E6A64
                                                                                  • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000400,00000000,00000000,00000000,?,?,6B3E63E6,00000000,?,00000000), ref: 6B3E6A82
                                                                                  • wcslen.MSVCR100 ref: 6B3E6A8B
                                                                                  • JNU_NewObjectByName.JAVA(?,java/lang/InternalError,(Ljava/lang/String;)V,00000000,?,6B3E63E6,00000000,?,00000000), ref: 6B3E6AB4
                                                                                  • LocalFree.KERNEL32(00000000), ref: 6B3E6AC1
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: NameObjectwcslen$ErrorExceptionFormatFreeLastLocalMessageThrow
                                                                                  • String ID: (Ljava/lang/String;)V$java/lang/InternalError$java/lang/OutOfMemoryError$too many menu handles
                                                                                  • API String ID: 633141992-867821964
                                                                                  APIs
                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 6B3BE01B
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • GetVersionExW.KERNEL32 ref: 6B3BE042
                                                                                  • GetProfileStringW.KERNEL32(windows,device,,,,,?,000000FA), ref: 6B3BE070
                                                                                  • lstrlenW.KERNEL32(?), ref: 6B3BE083
                                                                                  • GlobalAlloc.KERNEL32(00000040,00000002), ref: 6B3BE0A6
                                                                                  • lstrcpynW.KERNEL32(00000000,?,00000001), ref: 6B3BE0B8
                                                                                  • wcslen.MSVCR100 ref: 6B3BE0BF
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6B3BE0D4
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$AllocCreateCurrentEnv@8EventExceptionFreeH_prolog3_catch_ObjectProfileSingleStringThreadThrowVersionWaitlstrcpynlstrlenwcslen
                                                                                  • String ID: ,$,,,$device$windows
                                                                                  • API String ID: 2158518943-142822725
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: getenv$MlibStopTimerawt_set$Imagingawt_getsscanf
                                                                                  • String ID: IMLIB_DEBUG$IMLIB_NOMLIB$IMLIB_PRINT$IMLIB_START
                                                                                  • API String ID: 684862927-446633176
                                                                                  APIs
                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 6B3CCBC4
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,0000002C), ref: 6B3CCCC0
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,0000002C), ref: 6B3CCD40
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,0000002C), ref: 6B3CCD8E
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,0000002C), ref: 6B3CCDB5
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,0000002C), ref: 6B3CCDF0
                                                                                  • free.MSVCR100 ref: 6B3CCE57
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3CD08D
                                                                                  • free.MSVCR100 ref: 6B3CD0C8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorLast$ExceptionThrowfree$CreateCurrentEnv@8EventH_prolog3_catch_ObjectSingleThreadWait
                                                                                  • String ID:
                                                                                  • API String ID: 1826456516-0
                                                                                  • Opcode ID: 03f3739125b81e2f27806302889cf3b1e775b8d63416d4cb177c8e8ef26dab0d
                                                                                  • Instruction ID: 9a4f13ce1d0644d86e5c6edf3658614910261eefd3c29b923a06bcd3642fe78f
                                                                                  • Opcode Fuzzy Hash: 03f3739125b81e2f27806302889cf3b1e775b8d63416d4cb177c8e8ef26dab0d
                                                                                  • Instruction Fuzzy Hash: 4B023A71E40219EFDF119FE8C988AAEBFB8FF09711F10002AF905A7240D7799951DBA1
                                                                                  APIs
                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 6B3C0C2A
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000074), ref: 6B3C0C54
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null target), ref: 6B3C0C93
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3C0DCF
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Throw$Env@8Exception$CreateCurrentEventException@8H_prolog3_catch_NullObjectPointerSingleThreadWait
                                                                                  • String ID: Unable to set Pixel format on Canvas$java/awt/Canvas$java/lang/RuntimeException$null hParent$null parent$null target$sun/awt/Win32GraphicsConfig
                                                                                  • API String ID: 2175204537-2000726936
                                                                                  • Opcode ID: a7c729f1c5c1e97ab8f5ae307958049dd3ccc8ecfe17b2b1941aa24aeb72703b
                                                                                  • Instruction ID: 6cb0fc99e02ebc98eff8b45744bab89b20f2cc92df4ad790e03dd8e05de9f635
                                                                                  • Opcode Fuzzy Hash: a7c729f1c5c1e97ab8f5ae307958049dd3ccc8ecfe17b2b1941aa24aeb72703b
                                                                                  • Instruction Fuzzy Hash: 52913874A01654EFDB11DFE8C888E9EBBB9FF49304F104059F984AB211DB399942DF61
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: _control87$??3@Error@8H_prolog3_catchMemoryThrowwcslen
                                                                                  • String ID: OutOfMemoryError$java/lang/String
                                                                                  • API String ID: 2688024138-341214972
                                                                                  • Opcode ID: 9688b8e2319b0ab2eefd690b8420d406ade6ba3758e0f7d38ab7b0a771d1dd24
                                                                                  • Instruction ID: fe66bea55a0daf57d5cf1731d92fe3cfc7355dff5c5dcce16994ab07b221252b
                                                                                  • Opcode Fuzzy Hash: 9688b8e2319b0ab2eefd690b8420d406ade6ba3758e0f7d38ab7b0a771d1dd24
                                                                                  • Instruction Fuzzy Hash: 33610B71A00219EFDF019FA8CC88CEEBBB9FF49310F1404A9F954A6160DB3A9951DF65
                                                                                  APIs
                                                                                  • memset.MSVCR100 ref: 6B3EC24C
                                                                                  • labs.MSVCR100(00000001,?,00000000,0000002C,00000000,?), ref: 6B3EC282
                                                                                    • Part of subcall function 6B3EBD9B: floor.MSVCR100 ref: 6B3EBE16
                                                                                    • Part of subcall function 6B3EBD9B: floor.MSVCR100 ref: 6B3EBE33
                                                                                    • Part of subcall function 6B3EBD9B: floor.MSVCR100 ref: 6B3EBE55
                                                                                    • Part of subcall function 6B3EBD9B: floor.MSVCR100 ref: 6B3EBE6E
                                                                                    • Part of subcall function 6B3EBD9B: floor.MSVCR100 ref: 6B3EBE94
                                                                                    • Part of subcall function 6B3EBD9B: floor.MSVCR100 ref: 6B3EBEB6
                                                                                  • floor.MSVCR100 ref: 6B3EC2C4
                                                                                  • floor.MSVCR100 ref: 6B3EC2E4
                                                                                  • floor.MSVCR100 ref: 6B3EC30B
                                                                                  • floor.MSVCR100 ref: 6B3EC324
                                                                                  • floor.MSVCR100 ref: 6B3EC33A
                                                                                  • floor.MSVCR100 ref: 6B3EC356
                                                                                  • floor.MSVCR100 ref: 6B3EC372
                                                                                  • free.MSVCR100 ref: 6B3EC38D
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: floor$freelabsmemset
                                                                                  • String ID: (
                                                                                  • API String ID: 351452808-3887548279
                                                                                  • Opcode ID: 3408e311d13ab4598c3104005b77965a561b327845d8aa6a070eaeee583190a0
                                                                                  • Instruction ID: 5d4f681aa533804b8f4a71ecef27502f25f09d06ce721cc351585c8ed79421c5
                                                                                  • Opcode Fuzzy Hash: 3408e311d13ab4598c3104005b77965a561b327845d8aa6a070eaeee583190a0
                                                                                  • Instruction Fuzzy Hash: 785167B2D14618EFDB04AFA4E8499EEBFB8FF09710F10442EF544A2140DB3A9911DBA4
                                                                                  APIs
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null BufferedImage object,00000000,6B3E14DA,?,?,?,00000000), ref: 6B400F13
                                                                                  • calloc.MSVCR100 ref: 6B400F25
                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,Out of memory), ref: 6B400F3E
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Throw$Error@8Exception@8MemoryNullPointercalloc
                                                                                  • String ID: Out of memory$null BufferedImage object$null Raster object
                                                                                  • API String ID: 3879535940-3542467003
                                                                                  • Opcode ID: b1d103f12a485e399fbe928c69951c136988f81e766db53b8dc6042fa75d89b6
                                                                                  • Instruction ID: c139696fcd44aa31ba70e94488d904524bf325dcf3f3063cde3f0d307baa53ea
                                                                                  • Opcode Fuzzy Hash: b1d103f12a485e399fbe928c69951c136988f81e766db53b8dc6042fa75d89b6
                                                                                  • Instruction Fuzzy Hash: EB31D7B27052056BD210AF79EC81EBBB3ACEF86265F00017DF918C7340DB7AE81196E1
                                                                                  APIs
                                                                                    • Part of subcall function 6B39AA50: J2dTraceImpl.AWT(00000001,00000001,OGLContext_IsExtensionAvailable: extension string is null,00000000,?,6B39AD05,00000000,GL_ARB_fragment_shader), ref: 6B39AA68
                                                                                    • Part of subcall function 6B39AA50: strlen.MSVCR100 ref: 6B39AA79
                                                                                    • Part of subcall function 6B39AA50: strcspn.MSVCR100 ref: 6B39AA96
                                                                                    • Part of subcall function 6B39AA50: strlen.MSVCR100 ref: 6B39AA9F
                                                                                    • Part of subcall function 6B39AA50: strncmp.MSVCR100 ref: 6B39AAAE
                                                                                    • Part of subcall function 6B39AA50: J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsExtensionAvailable: %s=%s,?,false,00000000,6B3BD391,?,?,?,?,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B39AAD7
                                                                                  • _JNU_GetStaticFieldByName@20.JAVA(?,00000000,sun/java2d/opengl/OGLSurfaceData,isFBObjectEnabled,6B409480,?,?,?,?,?,?,6B39AD71,?,00000000), ref: 6B39AB2D
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsFBObjectExtensionAvailable: disabled via flag,?,00000000,sun/java2d/opengl/OGLSurfaceData,isFBObjectEnabled,6B409480,?,?,?,?,?,?,6B39AD71,?), ref: 6B39AB43
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsFBObjectExtensionAvailable: fbobject unsupported,?,?,00000000,sun/java2d/opengl/OGLSurfaceData,isFBObjectEnabled,6B409480,?,?,?,?,?,?,6B39AD71), ref: 6B39ABE6
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsFBObjectExtensionAvailable: fbobject supported,?,?,?,00000000,sun/java2d/opengl/OGLSurfaceData,isFBObjectEnabled,6B409480), ref: 6B39AC2F
                                                                                  Strings
                                                                                  • GL_ARB_depth_texture, xrefs: 6B39AB05
                                                                                  • OGLContext_IsFBObjectExtensionAvailable: fbobject supported, xrefs: 6B39AC26
                                                                                  • OGLContext_IsFBObjectExtensionAvailable: disabled via flag, xrefs: 6B39AB3A
                                                                                  • GL_EXT_framebuffer_object, xrefs: 6B39AAF3
                                                                                  • OGLContext_IsFBObjectExtensionAvailable: fbobject unsupported, xrefs: 6B39ABDD
                                                                                  • sun/java2d/opengl/OGLSurfaceData, xrefs: 6B39AB25
                                                                                  • isFBObjectEnabled, xrefs: 6B39AB20
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$fprintfstrlen$FieldInit@0Name@20Staticfflushstrcspnstrncmpvfprintf
                                                                                  • String ID: GL_ARB_depth_texture$GL_EXT_framebuffer_object$OGLContext_IsFBObjectExtensionAvailable: disabled via flag$OGLContext_IsFBObjectExtensionAvailable: fbobject supported$OGLContext_IsFBObjectExtensionAvailable: fbobject unsupported$isFBObjectEnabled$sun/java2d/opengl/OGLSurfaceData
                                                                                  • API String ID: 554788551-3888500106
                                                                                  • Opcode ID: 8ec06f0f592da427467c547fef55b2c0d982bc05d45f7f9ffb7a70b1683b68c7
                                                                                  • Instruction ID: 31d2b181cdb6398e7d0091c0d2cad6308a764c2db54c69cb640ac694e9767b18
                                                                                  • Opcode Fuzzy Hash: 8ec06f0f592da427467c547fef55b2c0d982bc05d45f7f9ffb7a70b1683b68c7
                                                                                  • Instruction Fuzzy Hash: 8C310674B943007FFE04BBA0DD87FAA3364AB49F04F000058F7856D1C1E6EAA11987B6
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: fabs$Transform_transform@12
                                                                                  • String ID:
                                                                                  • API String ID: 3810233683-0
                                                                                  • Opcode ID: a7430c296d652e5076081a112a4f85dcb040938b6a3fda52d8d00bc07cd3dce0
                                                                                  • Instruction ID: f025d5b7d7caf4597db1fea3df0e2b5fdcde83ecf1d146c06b5dd0d963e3762d
                                                                                  • Opcode Fuzzy Hash: a7430c296d652e5076081a112a4f85dcb040938b6a3fda52d8d00bc07cd3dce0
                                                                                  • Instruction Fuzzy Hash: 0E51B171914744FBC740BF28D589A9ABBF4FF85384F9059ADF8C801250EF369168CB92
                                                                                  APIs
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null ColorModel object,?,6B400FED,?,00000000,?,000001E0), ref: 6B400053
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(6B400FED,null nBits structure in CModel), ref: 6B4000FD
                                                                                  Strings
                                                                                  • Unable to find default CM, xrefs: 6B40028A
                                                                                  • null ColorModel object, xrefs: 6B40004D
                                                                                  • java/awt/image/ColorModel, xrefs: 6B400246
                                                                                  • null nBits structure in CModel, xrefs: 6B4000F7
                                                                                  • Out of memory, xrefs: 6B400153
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow
                                                                                  • String ID: Out of memory$Unable to find default CM$java/awt/image/ColorModel$null ColorModel object$null nBits structure in CModel
                                                                                  • API String ID: 473278687-1597489467
                                                                                  • Opcode ID: 556d1cfde177e81247b7576860b4176275258ab3a3238941222b6f7d305c01bf
                                                                                  • Instruction ID: bc23d6a6d6fd61ab715738542b8b3f0ad344216bc9012880fabda1b014491a58
                                                                                  • Opcode Fuzzy Hash: 556d1cfde177e81247b7576860b4176275258ab3a3238941222b6f7d305c01bf
                                                                                  • Instruction Fuzzy Hash: 5BB19E716005019FD756DF28D8C0EAA77F9EFCA310B2045ADE9588B349DB39E942CBA1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3FEE56
                                                                                  • _JNU_IsInstanceOfByName@12.JAVA(00000000,?,com/sun/java/swing/plaf/windows/WindowsPopupWindow,00000001), ref: 6B3FEEF0
                                                                                    • Part of subcall function 6B3CEC30: _JNU_GetEnv@8.JAVA(00010002,00000000,00000000,00000000,6B3FC50C,?,00010002), ref: 6B3CEC40
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8$InstanceName@12
                                                                                  • String ID: COMBOBOX_POPUP_WINDOW_TYPE$MENU_WINDOW_TYPE$POPUPMENU_WINDOW_TYPE$SUBMENU_WINDOW_TYPE$TOOLTIP_WINDOW_TYPE$UNDEFINED_WINDOW_TYPE$com/sun/java/swing/plaf/windows/WindowsPopupWindow$windowType
                                                                                  • API String ID: 4055069336-3059720911
                                                                                  • Opcode ID: 1dee92c0be4abc49e952e837d65a10417c57dfd089964f85789704fdac9487ab
                                                                                  • Instruction ID: db9d6cce4a8f098cc320785f28f017f300ac1ec257aa97c7b111459737bfa64e
                                                                                  • Opcode Fuzzy Hash: 1dee92c0be4abc49e952e837d65a10417c57dfd089964f85789704fdac9487ab
                                                                                  • Instruction Fuzzy Hash: 15A13971611219AFEB10EFA4CC89FAEBBBCEF49704F100069F945E7240D7799842DB65
                                                                                  APIs
                                                                                    • Part of subcall function 6B3C3B9F: GetCurrentThreadId.KERNEL32 ref: 6B3C3B9F
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C6AF9
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData,?,00010002), ref: 6B3C6B75
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,00010002), ref: 6B3C6CC8
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@CurrentEnv@8Exception@8NullPointerThreadThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 1717875540-751156914
                                                                                  • Opcode ID: 9ea6231ea248f0fe262fb819bd1d64e39729f224201e1b240fd0d35b5c01c275
                                                                                  • Instruction ID: 70f9f6a53d57652ffb76cacce986683de573069da6c649e7e1257d50db178772
                                                                                  • Opcode Fuzzy Hash: 9ea6231ea248f0fe262fb819bd1d64e39729f224201e1b240fd0d35b5c01c275
                                                                                  • Instruction Fuzzy Hash: EA716571A003089FDF20DFF5C884AAEBBB9FF48314F10456AE419AB255EB36A845DF51
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3BE2E1
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _control87.MSVCR100 ref: 6B3BE314
                                                                                  • _control87.MSVCR100 ref: 6B3BE330
                                                                                  • _control87.MSVCR100 ref: 6B3BE33E
                                                                                  • GlobalFree.KERNEL32(?), ref: 6B3BE393
                                                                                  • _control87.MSVCR100 ref: 6B3BE3D6
                                                                                  • _control87.MSVCR100 ref: 6B3BE3E4
                                                                                  • GlobalFree.KERNEL32(?), ref: 6B3BE488
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: _control87$FreeGlobal$CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                  • String ID: WINSPOOL$f4@k\4@kR4@kH4@k
                                                                                  • API String ID: 158622547-2559286835
                                                                                  • Opcode ID: 0ebee919ae4316cb60ebe5de70d50fdcad2a632c6347213dad79fc9c5cd862a4
                                                                                  • Instruction ID: 3264e213d50c96df3b432474b3db60b3b9f28e12ba9e217b69c3abbd9745780c
                                                                                  • Opcode Fuzzy Hash: 0ebee919ae4316cb60ebe5de70d50fdcad2a632c6347213dad79fc9c5cd862a4
                                                                                  • Instruction Fuzzy Hash: 46512771E0421AEFDF009FA4CD899AE7FB5FF08350F1444A9FA14A6160D73A8961DFA1
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E2E8F
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • free.MSVCR100 ref: 6B3E2F13
                                                                                  • getJavaIDFromLangID.JAVA(?), ref: 6B3E2F34
                                                                                  • strcmp.MSVCR100 ref: 6B3E2F4E
                                                                                  • free.MSVCR100 ref: 6B3E2F5A
                                                                                  • free.MSVCR100 ref: 6B3E2FEF
                                                                                  • free.MSVCR100 ref: 6B3E3011
                                                                                  • free.MSVCR100 ref: 6B3E3016
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3E3037
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: free$ExceptionThrow$CreateCurrentEnv@8EventFromH_prolog3_catchJavaLangObjectSingleThreadWaitstrcmp
                                                                                  • String ID: java/util/Locale
                                                                                  • API String ID: 2790792904-3098095476
                                                                                  • Opcode ID: 3397cae9a26b900211fb415e3a1777489a4e8964f0fc62062929dc288f082199
                                                                                  • Instruction ID: 78c9df5760a047513eba50ff3ce1ff5538f941a929804fa925ac015ffc7167cc
                                                                                  • Opcode Fuzzy Hash: 3397cae9a26b900211fb415e3a1777489a4e8964f0fc62062929dc288f082199
                                                                                  • Instruction Fuzzy Hash: 09517E71A0462A9FCF129FA4CC84DEEBBB8FF49310B11005BE451BB150DB3A9943DBA0
                                                                                  APIs
                                                                                  • strncmp.MSVCR100 ref: 6B39C907
                                                                                  • sprintf.MSVCR100 ref: 6B39C953
                                                                                  • sprintf.MSVCR100 ref: 6B39C984
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLPaints_CreateMultiGradProgram: error creating program), ref: 6B39C9A5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: sprintf$ImplTracestrncmp
                                                                                  • String ID: ATI$OGLPaints_CreateMultiGradProgram: error creating program$colors$dist = gl_TexCoord[0].s;$mask$result *= texture2D(mask, gl_TexCoord[0].st);
                                                                                  • API String ID: 3811402655-2533435260
                                                                                  • Opcode ID: 1a800788ff8fea63a647aad965efa87620631b63b9c92a92fe3d242c7f318a0a
                                                                                  • Instruction ID: e024325df56f713d1af90a4f891b9987520aea6cfe673a92a73705a40442c08a
                                                                                  • Opcode Fuzzy Hash: 1a800788ff8fea63a647aad965efa87620631b63b9c92a92fe3d242c7f318a0a
                                                                                  • Instruction Fuzzy Hash: 2141B471B48300ABD714FF68EC45FAB77A8EB89344F80441DF644D7246DB39D5508BA2
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::CheckForBadHardware: found matching hardware: VendorId=0x%04x DeviceId=0x%04x,?,?), ref: 6B3687A1
                                                                                  • J2dTraceImpl.AWT(00000001,00000001, bad driver found, device disabled), ref: 6B3687BB
                                                                                  • J2dTraceImpl.AWT(00000001,00000001, update your driver to at least version %d.%d.%d.%d,FFFFFFFF,00000000,FFFFFFFF,?,00000001,00000001, bad driver found, device disabled), ref: 6B3687D9
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::CheckForBadHardware: bad hardware found, device disabled), ref: 6B3687EC
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • J2dTraceImpl.AWT(00000002,00000001, Warning: hw/driver match overridden (via J2D_D3D_NO_HWCHECK)), ref: 6B368806
                                                                                  Strings
                                                                                  • Warning: hw/driver match overridden (via J2D_D3D_NO_HWCHECK), xrefs: 6B3687FD
                                                                                  • bad driver found, device disabled, xrefs: 6B3687B2
                                                                                  • update your driver to at least version %d.%d.%d.%d, xrefs: 6B3687D0
                                                                                  • D3DPPLM::CheckForBadHardware: bad hardware found, device disabled, xrefs: 6B3687E3
                                                                                  • D3DPPLM::CheckForBadHardware: found matching hardware: VendorId=0x%04x DeviceId=0x%04x, xrefs: 6B368798
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                  • String ID: Warning: hw/driver match overridden (via J2D_D3D_NO_HWCHECK)$ bad driver found, device disabled$ update your driver to at least version %d.%d.%d.%d$D3DPPLM::CheckForBadHardware: bad hardware found, device disabled$D3DPPLM::CheckForBadHardware: found matching hardware: VendorId=0x%04x DeviceId=0x%04x
                                                                                  • API String ID: 1961874229-1460756124
                                                                                  • Opcode ID: fe56f2c885f38000242a737f0fab10efe2acbe4aa1dda0b5e540214ee6fcb807
                                                                                  • Instruction ID: bf9f6fc76afc57c903c2411938442d7dcffdba9d40bed3924e5fce6c44cab2f6
                                                                                  • Opcode Fuzzy Hash: fe56f2c885f38000242a737f0fab10efe2acbe4aa1dda0b5e540214ee6fcb807
                                                                                  • Instruction Fuzzy Hash: 94215C31B243109BDB1096258C81F6733E8EF45BA8F110667F164A61D2F76FD05182B2
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLContext_IsExtensionAvailable: extension string is null,00000000,?,6B39AD05,00000000,GL_ARB_fragment_shader), ref: 6B39AA68
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • strlen.MSVCR100 ref: 6B39AA79
                                                                                  • strcspn.MSVCR100 ref: 6B39AA96
                                                                                  • strlen.MSVCR100 ref: 6B39AA9F
                                                                                  • strncmp.MSVCR100 ref: 6B39AAAE
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsExtensionAvailable: %s=%s,?,false,00000000,6B3BD391,?,?,?,?,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B39AAD7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Trace$Implfprintfstrlen$Init@0fflushstrcspnstrncmpvfprintf
                                                                                  • String ID: OGLContext_IsExtensionAvailable: %s=%s$OGLContext_IsExtensionAvailable: extension string is null$false$true
                                                                                  • API String ID: 768495179-2176556697
                                                                                  • Opcode ID: c7c1883be826316d0c04408f917d5aa353287c6381a27384e30981c22f681756
                                                                                  • Instruction ID: ed5cff8fe9a13e294900f48161d3458fb958a9991de3e8e43c118e1e00290e59
                                                                                  • Opcode Fuzzy Hash: c7c1883be826316d0c04408f917d5aa353287c6381a27384e30981c22f681756
                                                                                  • Instruction Fuzzy Hash: A0016B31F483117BE62166286D49FDB73A8DB82359F040129FDD563200F72AA80442B2
                                                                                  APIs
                                                                                  • _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AE9C4: getenv.MSVCR100 ref: 6B3AE9D4
                                                                                    • Part of subcall function 6B3AE9C4: sscanf.MSVCR100 ref: 6B3AE9F0
                                                                                    • Part of subcall function 6B3AE9C4: getenv.MSVCR100 ref: 6B3AEA0F
                                                                                    • Part of subcall function 6B3AE9C4: fopen.MSVCR100 ref: 6B3AEA1E
                                                                                    • Part of subcall function 6B3AE9C4: printf.MSVCR100 ref: 6B3AEA35
                                                                                    • Part of subcall function 6B3AE9C4: __iob_func.MSVCR100 ref: 6B3AEA46
                                                                                  • fprintf.MSVCR100 ref: 6B3AEABA
                                                                                  • vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                  • fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                  • fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: fprintfgetenv$Init@0Trace__iob_funcfflushfopenprintfsscanfvfprintf
                                                                                  • String ID: [E] $[I] $[V] $[W] $[X]
                                                                                  • API String ID: 3824705280-1883721685
                                                                                  • Opcode ID: d5229d959e0f0a1865edecfbdb5284ce52fc12ff713a587562fffd3896bc78c8
                                                                                  • Instruction ID: d97d662cd34a4bcff6d048bf5d539ead76efef35a5eff854d4c15fe86dd09d2b
                                                                                  • Opcode Fuzzy Hash: d5229d959e0f0a1865edecfbdb5284ce52fc12ff713a587562fffd3896bc78c8
                                                                                  • Instruction Fuzzy Hash: 34012931A787B8EEFF00BB54D944A743B68F703358F344056E81091091D73E9964EB72
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3CE073
                                                                                    • Part of subcall function 6B3CDA79: wcscmp.MSVCR100 ref: 6B3CDB11
                                                                                    • Part of subcall function 6B3CDA79: _JNU_GetEnv@8.JAVA(00010002), ref: 6B3CDB33
                                                                                    • Part of subcall function 6B3CDA79: wcslen.MSVCR100 ref: 6B3CDB3F
                                                                                    • Part of subcall function 6B3CDA79: free.MSVCR100 ref: 6B3CDB56
                                                                                    • Part of subcall function 6B3CDA79: ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3CDBA8
                                                                                    • Part of subcall function 6B3CDA79: _CxxThrowException.MSVCR100(?,?), ref: 6B3CDBC4
                                                                                    • Part of subcall function 6B3CDA79: wcslen.MSVCR100 ref: 6B3CDB67
                                                                                    • Part of subcall function 6B3CDA79: _JNU_GetEnv@8.JAVA(00010002), ref: 6B3CDBF7
                                                                                    • Part of subcall function 6B3CDA79: wcslen.MSVCR100 ref: 6B3CDC01
                                                                                    • Part of subcall function 6B3CDA79: _JNU_GetEnv@8.JAVA(00010002), ref: 6B3CDC1E
                                                                                    • Part of subcall function 6B3CDA79: _JNU_GetEnv@8.JAVA(00010002), ref: 6B3CDC56
                                                                                    • Part of subcall function 6B3CDA79: _JNU_GetEnv@8.JAVA(00010002), ref: 6B3CDC69
                                                                                    • Part of subcall function 6B3CDA79: ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3CDC78
                                                                                    • Part of subcall function 6B3CDA79: _JNU_GetEnv@8.JAVA(00010002), ref: 6B3CDB81
                                                                                    • Part of subcall function 6B3CDA79: wcslen.MSVCR100 ref: 6B3CDB8B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Env@8$wcslen$??3@$ExceptionH_prolog3_catchThrowfreewcscmp
                                                                                  • String ID: DISPLAY$f4@k\4@kR4@kH4@k$win.ansiFixed.font$win.ansiVar.font$win.defaultGUI.font$win.deviceDefault.font$win.oemFixed.font$win.system.font$win.systemFixed.font
                                                                                  • API String ID: 912931181-1036115313
                                                                                  • Opcode ID: fb50f369b00727821e254371f654e64abc434f92f7c4c2fc5e4dcb03190679b3
                                                                                  • Instruction ID: 9b1fab3b460851e5cc3b3766650c0b98aecb1f6aa245ba238d7585c286b767b9
                                                                                  • Opcode Fuzzy Hash: fb50f369b00727821e254371f654e64abc434f92f7c4c2fc5e4dcb03190679b3
                                                                                  • Instruction Fuzzy Hash: B80128B87D525436F925A7B44CA3FBF269E5BA9748F45001AB182B62D0CFAC0C0163F6
                                                                                  APIs
                                                                                  • _GetNativePrim@8.AWT(?,?), ref: 6B354152
                                                                                    • Part of subcall function 6B37F1F0: _JNU_ThrowInternalError@8.JAVA(?,Non-native Primitive invoked natively,?,?,6B354157,?,?), ref: 6B37F219
                                                                                  • _Region_GetInfo@12.AWT(?,?,?,?,?), ref: 6B354185
                                                                                  • _SurfaceData_GetOps@8.AWT(?,?,?,?,?,?,?), ref: 6B354198
                                                                                  • _SurfaceData_GetOps@8.AWT(?,?,?,?,?,?,?,?,?), ref: 6B3541B1
                                                                                  • _SurfaceData_IntersectBounds@8.AWT(?,?,?,?,?,?,?,?,?,?,?), ref: 6B35422F
                                                                                  • _SurfaceData_IntersectBlitBounds@16.AWT(?,?,?,?), ref: 6B354290
                                                                                  • _SurfaceData_IntersectBounds@8.AWT(?,?,?,?,?,?), ref: 6B3542A2
                                                                                  • _Region_StartIteration@8.AWT(?,?), ref: 6B354326
                                                                                  • _Region_NextIteration@8.AWT(?,?,?,?), ref: 6B354338
                                                                                  • _Region_NextIteration@8.AWT(?,?), ref: 6B3543D4
                                                                                  • _Region_EndIteration@8.AWT(?,?,?,?,?,?), ref: 6B3543EE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Data_Region_Surface$Iteration@8$Intersect$Bounds@8NextOps@8$BlitBounds@16Error@8Info@12InternalNativePrim@8StartThrow
                                                                                  • String ID:
                                                                                  • API String ID: 662380520-0
                                                                                  • Opcode ID: 35462427ec44c38d42513c02497419baf5555c49e8e09b508e516097c82ab558
                                                                                  • Instruction ID: 2fe341bd8db9286a98e7e668ccf0c9ad4af6e3fb4c79e4fe4b5ad8aebeae854f
                                                                                  • Opcode Fuzzy Hash: 35462427ec44c38d42513c02497419baf5555c49e8e09b508e516097c82ab558
                                                                                  • Instruction Fuzzy Hash: 5EA1F771248345AFD328DF54C890EABB7E9FFC9704F44891DE59987204E738EA15CBA2
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E2CE0
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • getJavaIDFromLangID.JAVA(00000000), ref: 6B3E2D1B
                                                                                  • strcmp.MSVCR100 ref: 6B3E2D29
                                                                                  • free.MSVCR100 ref: 6B3E2D42
                                                                                  • free.MSVCR100 ref: 6B3E2D4E
                                                                                  • getJavaIDFromLangID.JAVA(00000000), ref: 6B3E2DD8
                                                                                  • strcmp.MSVCR100 ref: 6B3E2DE9
                                                                                  • free.MSVCR100 ref: 6B3E2E1D
                                                                                  • free.MSVCR100 ref: 6B3E2E37
                                                                                  • free.MSVCR100 ref: 6B3E2E49
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3E2E6D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: free$ExceptionFromJavaLangThrowstrcmp$CreateCurrentEnv@8EventH_prolog3_catchObjectSingleThreadWait
                                                                                  • String ID:
                                                                                  • API String ID: 4251823016-0
                                                                                  APIs
                                                                                  • calloc.MSVCR100 ref: 6B3E0AAB
                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,Out of memory), ref: 6B3E0AC0
                                                                                    • Part of subcall function 6B4003B0: free.MSVCR100 ref: 6B4003C7
                                                                                    • Part of subcall function 6B4003B0: free.MSVCR100 ref: 6B4003D4
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: free$Error@8MemoryThrowcalloc
                                                                                  • String ID: Out of memory
                                                                                  • API String ID: 2512986758-696950042
                                                                                  APIs
                                                                                  Strings
                                                                                  • Error:%08x in spSrc->CopyTo(spDst, si.cbSize, NULL, NULL), xrefs: 6B3D4FAE
                                                                                  • Error:%08x in E_INVALIDARG, xrefs: 6B3D4F1D
                                                                                  • Error:%08x in CreateStreamOnHGlobal( stgmedium.hGlobal, FALSE, &spSrc ), xrefs: 6B3D4EF5
                                                                                  • Error:%08x in spSrc->Stat(&si, STATFLAG_NONAME ), xrefs: 6B3D4F82
                                                                                  • Error:%08x in SHCreateStreamOnFile( pFileName, STGM_WRITE | STGM_CREATE, &spDst ), xrefs: 6B3D4F42
                                                                                  • Error:%08x in ExtractNativeData(CF_FILECONTENTS, lIndex, &stgmedium), xrefs: 6B3D4EBD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog3_catch__com_raise_errormemset
                                                                                  • String ID: Error:%08x in CreateStreamOnHGlobal( stgmedium.hGlobal, FALSE, &spSrc )$Error:%08x in E_INVALIDARG$Error:%08x in ExtractNativeData(CF_FILECONTENTS, lIndex, &stgmedium)$Error:%08x in SHCreateStreamOnFile( pFileName, STGM_WRITE | STGM_CREATE, &spDst )$Error:%08x in spSrc->CopyTo(spDst, si.cbSize, NULL, NULL)$Error:%08x in spSrc->Stat(&si, STATFLAG_NONAME )
                                                                                  • API String ID: 2483397267-3596637406
                                                                                  APIs
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B3EAEDB
                                                                                  • wcscmp.MSVCR100 ref: 6B3EAF10
                                                                                    • Part of subcall function 6B3EAE16: GlobalAlloc.KERNEL32(00000040,?,?,00000002,00000000,00000000,?,00000000,?,?,00000000,?,?,?,FILE:,6B3EAF1E), ref: 6B3EAE46
                                                                                  • wcscmp.MSVCR100 ref: 6B3EAF24
                                                                                  • wcslen.MSVCR100 ref: 6B3EAF32
                                                                                  • free.MSVCR100 ref: 6B3EAF7B
                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B3EAF88
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$wcscmp$AllocLockUnlockfreewcslen
                                                                                  • String ID: FILE:$WINSPOOL$f4@k\4@kR4@kH4@k
                                                                                  • API String ID: 1126228227-2425000317
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E8308
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                  • String ID: (Ljava/lang/Object;)Lsun/awt/windows/WObjectPeer;$Ljava/lang/Error;$Ljava/lang/Object;$createError$destroyed$getPeerForTarget$pData$target
                                                                                  • API String ID: 2376344244-897352690
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: getenv$__iob_funcfopenprintfsscanf
                                                                                  • String ID: J2D_TRACE_FILE$J2D_TRACE_LEVEL$[E]: Error opening trace file %s
                                                                                  • API String ID: 3900815957-32029167
                                                                                  APIs
                                                                                  • _JNU_GetStaticFieldByName@20.JAVA(?,00000000,sun/java2d/opengl/OGLSurfaceData,isLCDShaderEnabled,6B409480), ref: 6B39AC60
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsLCDShaderSupportAvailable: disabled via flag,?,00000000,sun/java2d/opengl/OGLSurfaceData,isLCDShaderEnabled,6B409480), ref: 6B39AC76
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsLCDShaderSupportAvailable: not enough tex units (%d),00000000), ref: 6B39ACA7
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsLCDShaderSupportAvailable: LCD text shader supported), ref: 6B39ACB8
                                                                                  Strings
                                                                                  • OGLContext_IsLCDShaderSupportAvailable: not enough tex units (%d), xrefs: 6B39AC9E
                                                                                  • OGLContext_IsLCDShaderSupportAvailable: disabled via flag, xrefs: 6B39AC6D
                                                                                  • OGLContext_IsLCDShaderSupportAvailable: LCD text shader supported, xrefs: 6B39ACAF
                                                                                  • isLCDShaderEnabled, xrefs: 6B39AC53
                                                                                  • sun/java2d/opengl/OGLSurfaceData, xrefs: 6B39AC58
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$fprintf$FieldInit@0Name@20Staticfflushvfprintf
                                                                                  • String ID: OGLContext_IsLCDShaderSupportAvailable: LCD text shader supported$OGLContext_IsLCDShaderSupportAvailable: disabled via flag$OGLContext_IsLCDShaderSupportAvailable: not enough tex units (%d)$isLCDShaderEnabled$sun/java2d/opengl/OGLSurfaceData
                                                                                  • API String ID: 3136869086-3733076949
                                                                                  • Opcode ID: 071aa80206c981aec22c0e496a87977f24162b70ea4303b1efe6a712ea86eb30
                                                                                  • Instruction ID: 16f690c0ea98e021e27dc4fde3598808154d0f5015583003fd75dc4ca092d344
                                                                                  • Opcode Fuzzy Hash: 071aa80206c981aec22c0e496a87977f24162b70ea4303b1efe6a712ea86eb30
                                                                                  • Instruction Fuzzy Hash: BEF0F6B1F683417BFA106A645C03F693374AB94B08F504958F5A8B92C0E7AF51198673
                                                                                  APIs
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B3A83A9
                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B3A83C2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                  • String ID: bad path delivery sequence$path segment data$private data
                                                                                  • API String ID: 1693744675-460574378
                                                                                  • Opcode ID: ee1da4a51a33ee6a5fbccdaeb8455523063c80eab35c67eb5e270f8267421ce5
                                                                                  • Instruction ID: 6bfb7c7fe4089dad70ee059cad6a0362e5f556ff6f75d75ca23c6d6529febbe2
                                                                                  • Opcode Fuzzy Hash: ee1da4a51a33ee6a5fbccdaeb8455523063c80eab35c67eb5e270f8267421ce5
                                                                                  • Instruction Fuzzy Hash: 36716B72A08741DFC322AF15D14829BBFB0FF81780F624D8CE5D2225A9E73694758F96
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B366DEF
                                                                                  • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B366E07
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(00000000,?,?), ref: 6B366E16
                                                                                  • ?ConfigureContext@D3DContext@@QAEJPAU_D3DPRESENT_PARAMETERS_@@@Z.AWT(?), ref: 6B366E98
                                                                                    • Part of subcall function 6B369CF0: ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,xl6k,00000000,00000000,6B368ECD,00000000,00000000,00000000,00000000,00000000,?,6B366C78,00000000,00000000), ref: 6B369D21
                                                                                    • Part of subcall function 6B369CF0: ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,xl6k,00000000,00000000,6B368ECD,00000000,00000000,00000000,00000000,00000000,?,6B366C78,00000000,00000000), ref: 6B369D28
                                                                                  Strings
                                                                                  • D3DGD_configDisplayModeNative: no 16-bit formats, xrefs: 6B366F78
                                                                                  • D3DGD_configDisplayModeNative: unsupported depth: %d, xrefs: 6B366FAC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Manager@@Pipeline$Context@$Context@@@Instance@$AdapterConfigureContext@@OrdinalS_@@@Screen@
                                                                                  • String ID: D3DGD_configDisplayModeNative: no 16-bit formats$D3DGD_configDisplayModeNative: unsupported depth: %d
                                                                                  • API String ID: 1996268019-1250672074
                                                                                  • Opcode ID: 711f5aaffbe61c46fdf35d3158a1c85b75b76f2978b9b9a2b8c27a452ed46d24
                                                                                  • Instruction ID: a2a6d8f5b91514dd565420f81579b4a88ddc436ca9c6ef3033a3aadd68416755
                                                                                  • Opcode Fuzzy Hash: 711f5aaffbe61c46fdf35d3158a1c85b75b76f2978b9b9a2b8c27a452ed46d24
                                                                                  • Instruction Fuzzy Hash: FD519131B043409BD310DF28C881AAFB7E5AFC9784F50492DF6949B245EB7AD8058BE2
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3FCA01
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null target), ref: 6B3FCBB7
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3FCBC6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$null target$peer
                                                                                  • API String ID: 2303478036-3834951249
                                                                                  • Opcode ID: 3a174be1a407eda8e5cb0b91b39841869296166e6ab104bf280f39428a559dd8
                                                                                  • Instruction ID: 6843db8e73af180e36bb379ed94203405f4fd5a0de7490d57f04bb598183d650
                                                                                  • Opcode Fuzzy Hash: 3a174be1a407eda8e5cb0b91b39841869296166e6ab104bf280f39428a559dd8
                                                                                  • Instruction Fuzzy Hash: B7510835A40204EFDF02EFA4C988EAEBBB9FF09340F1040A9F94597255DB359992DF90
                                                                                  APIs
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B3A8039
                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B3A8052
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                  • String ID: bad path delivery sequence$path segment data$private data
                                                                                  • API String ID: 1693744675-460574378
                                                                                  • Opcode ID: 1326e8bdedb92e2defa02e590a21f78cd9986c20e81c3e3a2556380848bcdd96
                                                                                  • Instruction ID: 209cca4b5d1b705721337787bdd67319961470b4c28941d4755090b42d089a99
                                                                                  • Opcode Fuzzy Hash: 1326e8bdedb92e2defa02e590a21f78cd9986c20e81c3e3a2556380848bcdd96
                                                                                  • Instruction Fuzzy Hash: CD517C72A09751EFC322AF15E248657BFB0FF81740F614D8CE1C6229A9D335A4758F92
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C27AC
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3C27D7
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null items,?,00010002), ref: 6B3C2831
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3C2920
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                  • String ID: null items$null pData$peer
                                                                                  • API String ID: 3243432782-2031890214
                                                                                  • Opcode ID: abc888bb49330b55b5e8c249de594c077e3a53f5629e054e5e4cabfd656ce53b
                                                                                  • Instruction ID: 9c13d58d9bf202968349d8020dbdbc0e676d5cb8894a587d5574d93f1aeee908
                                                                                  • Opcode Fuzzy Hash: abc888bb49330b55b5e8c249de594c077e3a53f5629e054e5e4cabfd656ce53b
                                                                                  • Instruction Fuzzy Hash: A7513A31A00609EFDB12AF94CD89FAEBBB5FF09304F1000A5F945A6251C739D991DF66
                                                                                  APIs
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B3A8209
                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B3A8222
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                  • String ID: bad path delivery sequence$path segment data$private data
                                                                                  • API String ID: 1693744675-460574378
                                                                                  • Opcode ID: ce69fcd96ad3c1bc0bc150827c5c3dfc4af6b8c3aa4ecd3aa4ecaea950a5f8fb
                                                                                  • Instruction ID: 592b6db84ed4299ddaad8099ecd7754a93f18775021d92454158073fbf4080e2
                                                                                  • Opcode Fuzzy Hash: ce69fcd96ad3c1bc0bc150827c5c3dfc4af6b8c3aa4ecd3aa4ecaea950a5f8fb
                                                                                  • Instruction Fuzzy Hash: 8F413832A09601EFC722AF15E1486ABBFB0FFC1740F514C8CE1C6225A9D73598759E92
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000002,00000001,OGLContext_CreateFragmentProgram: linker msg (%d):%s,00000001,?), ref: 6B39B0B8
                                                                                  • J2dTraceImpl.AWT(00000002,00000001,OGLContext_CreateFragmentProgram: compiler msg (%d):%s,00000001,?), ref: 6B39B00B
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLContext_CreateFragmentProgram: error compiling shader), ref: 6B39B023
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLContext_CreateFragmentProgram: error linking shader), ref: 6B39B0D0
                                                                                  Strings
                                                                                  • OGLContext_CreateFragmentProgram: compiler msg (%d):%s, xrefs: 6B39B002
                                                                                  • OGLContext_CreateFragmentProgram: error compiling shader, xrefs: 6B39B01A
                                                                                  • OGLContext_CreateFragmentProgram: error linking shader, xrefs: 6B39B0C7
                                                                                  • OGLContext_CreateFragmentProgram: linker msg (%d):%s, xrefs: 6B39B0AF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                  • String ID: OGLContext_CreateFragmentProgram: compiler msg (%d):%s$OGLContext_CreateFragmentProgram: error compiling shader$OGLContext_CreateFragmentProgram: error linking shader$OGLContext_CreateFragmentProgram: linker msg (%d):%s
                                                                                  • API String ID: 1961874229-1394464611
                                                                                  • Opcode ID: c5f6871a7156ca6196d0093c139cf042e2036f4df9884bcdd31a04170c7db1a6
                                                                                  • Instruction ID: 607be2d9d87866cdd62f7093e6290f41d9da5dc811789fb76f89c2ba4d9793fd
                                                                                  • Opcode Fuzzy Hash: c5f6871a7156ca6196d0093c139cf042e2036f4df9884bcdd31a04170c7db1a6
                                                                                  • Instruction Fuzzy Hash: EB419FB1654301BFE710BB20CD8AFAF77A8EBC9705F40851CF24995180EBB894459BA3
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3D6FC6
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,Can't access widths.), ref: 6B3D6FE7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: Can't access str bytes.$Can't access widths array.$Can't access widths.$bytes argument$off or len argument
                                                                                  • API String ID: 608574450-1927489194
                                                                                  • Opcode ID: 85e920b60b56e6aedf2f5cf408b8ba3c2c3630f25e363c993405c3421c83d548
                                                                                  • Instruction ID: ca550358a499d83e83e39f019d6d4cf50f38f7f601d9e8e4e594e044c503b3ea
                                                                                  • Opcode Fuzzy Hash: 85e920b60b56e6aedf2f5cf408b8ba3c2c3630f25e363c993405c3421c83d548
                                                                                  • Instruction Fuzzy Hash: 1A417E35600549EFCF22DF64C948D9E7FB9EF49304F20445EF95597211C7398A50DBA1
                                                                                  APIs
                                                                                  • ?SetTransform@D3DContext@@QAEJNNNNNN@Z.AWT ref: 6B36A74A
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@$Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@TraceTransform@
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 210851641-1990820779
                                                                                  • Opcode ID: 79dafcec5c3b3289372980e5428f3795269b938ca27e4a64b46832becf33a77c
                                                                                  • Instruction ID: 64e6c42aef00b7b3fb71b41340034912974ba9ce2394e4e77b40520966a055c3
                                                                                  • Opcode Fuzzy Hash: 79dafcec5c3b3289372980e5428f3795269b938ca27e4a64b46832becf33a77c
                                                                                  • Instruction Fuzzy Hash: 2331DF747002118BEB00EB35D4D0A2EB7E5FFC9394F110898D9C887269FB3AD864C762
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLContext_SetSurfaces: texture cannot be used as destination), ref: 6B39A3AB
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLContext_SetSurfaces: could not init OGL window), ref: 6B39A3D8
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLContext_SetSurfaces: ops are null), ref: 6B39A43B
                                                                                  Strings
                                                                                  • OGLContext_SetSurfaces: could not make context current, xrefs: 6B39A3F7
                                                                                  • OGLContext_SetSurfaces: texture cannot be used as destination, xrefs: 6B39A3A2
                                                                                  • OGLContext_SetSurfaces: could not init OGL window, xrefs: 6B39A3CF
                                                                                  • OGLContext_SetSurfaces: ops are null, xrefs: 6B39A432
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                  • String ID: OGLContext_SetSurfaces: could not init OGL window$OGLContext_SetSurfaces: could not make context current$OGLContext_SetSurfaces: ops are null$OGLContext_SetSurfaces: texture cannot be used as destination
                                                                                  • API String ID: 1961874229-3679325416
                                                                                  • Opcode ID: d6f6e802c9a8173a5fd5162ae45105484b09b18675b8f2c9e61a2eb9e5b89bf6
                                                                                  • Instruction ID: 1b45d881fd84108bcb9e53210a8c691a77929f07016b9858da60c94f49fb3940
                                                                                  • Opcode Fuzzy Hash: d6f6e802c9a8173a5fd5162ae45105484b09b18675b8f2c9e61a2eb9e5b89bf6
                                                                                  • Instruction Fuzzy Hash: C0113A72F8831027E71065793CC2FCB33959FE072AF140179F988A6281F39F805452B2
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::CheckForBadHardware: found matching hardware: VendorId=0x%04x DeviceId=0x%04x,?,?), ref: 6B3687A1
                                                                                  • J2dTraceImpl.AWT(00000001,00000001, bad driver found, device disabled), ref: 6B3687BB
                                                                                  • J2dTraceImpl.AWT(00000001,00000001, update your driver to at least version %d.%d.%d.%d,FFFFFFFF,00000000,FFFFFFFF,?,00000001,00000001, bad driver found, device disabled), ref: 6B3687D9
                                                                                  • J2dTraceImpl.AWT(00000002,00000001, Warning: hw/driver match overridden (via J2D_D3D_NO_HWCHECK)), ref: 6B368806
                                                                                  Strings
                                                                                  • Warning: hw/driver match overridden (via J2D_D3D_NO_HWCHECK), xrefs: 6B3687FD
                                                                                  • bad driver found, device disabled, xrefs: 6B3687B2
                                                                                  • update your driver to at least version %d.%d.%d.%d, xrefs: 6B3687D0
                                                                                  • D3DPPLM::CheckForBadHardware: found matching hardware: VendorId=0x%04x DeviceId=0x%04x, xrefs: 6B368798
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ImplTrace
                                                                                  • String ID: Warning: hw/driver match overridden (via J2D_D3D_NO_HWCHECK)$ bad driver found, device disabled$ update your driver to at least version %d.%d.%d.%d$D3DPPLM::CheckForBadHardware: found matching hardware: VendorId=0x%04x DeviceId=0x%04x
                                                                                  • API String ID: 2049967658-289879705
                                                                                  • Opcode ID: 82b5aef4029938525a425a6ee1f8551a9c3135873c860988a755e0765d58389a
                                                                                  • Instruction ID: f4b25a3c53a84d38b18074b92a85dc5ca0be2c0f2732807dc0315b1b2ec546dd
                                                                                  • Opcode Fuzzy Hash: 82b5aef4029938525a425a6ee1f8551a9c3135873c860988a755e0765d58389a
                                                                                  • Instruction Fuzzy Hash: 35212C31B143109BDB209A258C81F6A33A4FF457A8F150667F578A61D7F76FE061C2A2
                                                                                  APIs
                                                                                  • ?HandleLostDevices@D3DPipelineManager@@QAEJXZ.AWT ref: 6B36A8D4
                                                                                    • Part of subcall function 6B369140: memset.MSVCR100 ref: 6B36917C
                                                                                    • Part of subcall function 6B369140: GetTickCount.KERNEL32 ref: 6B3691A4
                                                                                    • Part of subcall function 6B369140: Sleep.KERNEL32(00000064), ref: 6B3691BB
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Manager@@Pipeline$Context@@$CallContext@Context@@@CountDevices@HandleImplInstance@LostMethodNameScene@SleepSync@TickTracememset
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 248119441-1990820779
                                                                                  • Opcode ID: 3ec7fc302fd62f1064a3a429880ddebe03f71622fbbf5f1750296f95d5e6ab26
                                                                                  • Instruction ID: 8c302d5eeb5e9eebdcaddbfe23c589581eb0855fa635cae260541654deabf6ef
                                                                                  • Opcode Fuzzy Hash: 3ec7fc302fd62f1064a3a429880ddebe03f71622fbbf5f1750296f95d5e6ab26
                                                                                  • Instruction Fuzzy Hash: D521ACB57002109FDB00EB35C9E0B2A33A6EFC9294F1144A8D949CB269FB7ADC11D7A1
                                                                                  APIs
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT ref: 6B36A8A9
                                                                                    • Part of subcall function 6B364FB0: ?Render@D3DVertexCacher@@QAEJH@Z.AWT(00000000), ref: 6B364FC5
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@$Manager@@PipelineScene@$Cacher@@CallContext@Context@@@Instance@MethodNameRender@Sync@Vertex
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 3165823349-1990820779
                                                                                  • Opcode ID: 7a515bad0100759c0a99651d69b2f0ad2901cb7ec01892872be5454a5f815256
                                                                                  • Instruction ID: cd22fe5ccda89a6ba8469a007998e3169e900e755397b8437c7ffe53ace913dd
                                                                                  • Opcode Fuzzy Hash: 7a515bad0100759c0a99651d69b2f0ad2901cb7ec01892872be5454a5f815256
                                                                                  • Instruction Fuzzy Hash: C221AFB57042104FDB04EB35C990B2E33A5AFCA294F1144A8E959CB259FB7ADC11D7A1
                                                                                  APIs
                                                                                  • ?RestoreState@D3DContext@@QAEJXZ.AWT ref: 6B36A906
                                                                                    • Part of subcall function 6B3663B0: ?Render@D3DVertexCacher@@QAEJH@Z.AWT(00000000), ref: 6B3663BE
                                                                                    • Part of subcall function 6B3663B0: ?UpdateState@D3DContext@@QAEJC@Z.AWT(00000000), ref: 6B3663C7
                                                                                    • Part of subcall function 6B3663B0: memset.MSVCR100 ref: 6B366404
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Context@@$Manager@@PipelineState@$Cacher@@CallContext@Context@@@ImplInstance@MethodNameRender@RestoreScene@Sync@TraceUpdateVertexmemset
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 307790130-1990820779
                                                                                  • Opcode ID: 48197aad3618f6770ff0dd04394c6fd044c7479be04f26745a6dcf6ad78bdb83
                                                                                  • Instruction ID: 74e3a610b36a72b8c19edd8fe526c560cebe27eeeb5a7de1485b8d450e312fd9
                                                                                  • Opcode Fuzzy Hash: 48197aad3618f6770ff0dd04394c6fd044c7479be04f26745a6dcf6ad78bdb83
                                                                                  • Instruction Fuzzy Hash: F821CF757002104FDA00EB35C9D0B3A33A5AFC92D4F100498D949CB269FB3EDC11D7A1
                                                                                  APIs
                                                                                  • ?SaveState@D3DContext@@QAEJXZ.AWT ref: 6B36A8F4
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Context@@$Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameSaveScene@State@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 3520596367-1990820779
                                                                                  • Opcode ID: 99ee277f702b0a1edc99273113751645955abda890d4eaaaccc8b23861eabfaf
                                                                                  • Instruction ID: b7d9ffa1f82fc17a67b35e96140c549d83cad735ed1ee1a567ec303937300ecc
                                                                                  • Opcode Fuzzy Hash: 99ee277f702b0a1edc99273113751645955abda890d4eaaaccc8b23861eabfaf
                                                                                  • Instruction Fuzzy Hash: E021CF757002104FDA00EB35C9D0B3A33A5AFC92D4F100498D949CB269FB3EDC11D7A1
                                                                                  APIs
                                                                                  • ?ResetComposite@D3DContext@@QAEJXZ.AWT ref: 6B36A712
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Context@@$Manager@@Pipeline$CallComposite@Context@Context@@@ImplInstance@MethodNameResetScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 4174294933-1990820779
                                                                                  • Opcode ID: 81abe62927d6848c9c16939f9839f16266242a73237fb211cb35c3ab777c31ff
                                                                                  • Instruction ID: bab7d9d7e29d8fb76cab275e251a0e90b9eb8ac6379eb907ce28413447064bfe
                                                                                  • Opcode Fuzzy Hash: 81abe62927d6848c9c16939f9839f16266242a73237fb211cb35c3ab777c31ff
                                                                                  • Instruction Fuzzy Hash: B021CF757002104FDA00EB35C9D0B3A33A5AFC92D4F100498D949CB269FB7EDC11D7A1
                                                                                  APIs
                                                                                  • ?ResetTransform@D3DContext@@QAEJXZ.AWT ref: 6B36A75C
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Context@@$Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameResetScene@Sync@TraceTransform@
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 968191137-1990820779
                                                                                  • Opcode ID: a87df3657aa2b8d465d90a87de1de413278ed7743e6f0928ba77b4734f3fc9b1
                                                                                  • Instruction ID: daaf79fc6b642dd94a87ffa5c839ca14764a2bbc39f7d2602c4820b6a387406a
                                                                                  • Opcode Fuzzy Hash: a87df3657aa2b8d465d90a87de1de413278ed7743e6f0928ba77b4734f3fc9b1
                                                                                  • Instruction Fuzzy Hash: 2621CF757002144FDA04EB35C9E0B3A33A5AFC92D4F1104A8D949CB269FB3EDC11D7A1
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000004,00000000,true,?,?,?,?,00000000,00000004,?,?), ref: 6B3BCE1B
                                                                                  • J2dTraceImpl.AWT(00000004,00000000,false (large depth),?,?,00000000,?,00000000,00000004,?,?), ref: 6B3BCE31
                                                                                  • J2dTraceImpl.AWT(00000004,00000000,[V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=,?,?,?,?,?), ref: 6B3BCE04
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt), ref: 6B3BCE60
                                                                                  Strings
                                                                                  • true, xrefs: 6B3BCE12
                                                                                  • [V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=, xrefs: 6B3BCDFB
                                                                                  • " , xrefs: 6B3BCDBC
                                                                                  • # , xrefs: 6B3BCDC4
                                                                                  • WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt, xrefs: 6B3BCE59
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                  • String ID: " $# $WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt$[V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=$true
                                                                                  • API String ID: 1961874229-1123049345
                                                                                  • Opcode ID: 729f7ebfd34b78bb8551a8504c7504c2ae5a82a6bcd422964c104d1b7fd601b0
                                                                                  • Instruction ID: b085bcdaf89cc488e6b7986bace1c65474837a5022f4849dceb0ae68e1f09de2
                                                                                  • Opcode Fuzzy Hash: 729f7ebfd34b78bb8551a8504c7504c2ae5a82a6bcd422964c104d1b7fd601b0
                                                                                  • Instruction Fuzzy Hash: F7219272648350EBD320DF58C885F1BF7E4FBD8714F50081CF688A7240D7B9A8048BA2
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000004,00000000,true,?,?,?,?,00000000,00000004,?,?), ref: 6B3BCE1B
                                                                                  • J2dTraceImpl.AWT(00000004,00000000,false (large depth),?,?,00000000,?,00000000,00000004,?,?), ref: 6B3BCE31
                                                                                  • J2dTraceImpl.AWT(00000004,00000000,[V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=,?,?,?,?,?), ref: 6B3BCE04
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt), ref: 6B3BCE60
                                                                                  Strings
                                                                                  • true, xrefs: 6B3BCE12
                                                                                  • [V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=, xrefs: 6B3BCDFB
                                                                                  • " , xrefs: 6B3BCDBC
                                                                                  • # , xrefs: 6B3BCDC4
                                                                                  • WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt, xrefs: 6B3BCE59
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                  • String ID: " $# $WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt$[V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=$true
                                                                                  • API String ID: 1961874229-1123049345
                                                                                  • Opcode ID: 5e53efca062c3ba7417f2b2a4194d81e4187a51f5fff205952ea4b3f69a2afda
                                                                                  • Instruction ID: 63e6e9e3ca7a266bd50e18fbe00b45cd450618fd7fae7780aee20456f8cf5907
                                                                                  • Opcode Fuzzy Hash: 5e53efca062c3ba7417f2b2a4194d81e4187a51f5fff205952ea4b3f69a2afda
                                                                                  • Instruction Fuzzy Hash: EC218472659350EBD320DF58C885F1BB7E4FBD8714F50081CF68867240D7B9A90487A2
                                                                                  APIs
                                                                                  • ?IsTextureFilteringSupported@D3DContext@@QAEHW4_D3DTEXTUREFILTERTYPE@@@Z.AWT(00000001), ref: 6B362893
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DBlitToSurfaceViaTexture: could not init blit tile,00000100,00000100,?,?,00000001), ref: 6B36290D
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • ?BeginScene@D3DContext@@QAEJC@Z.AWT(00000008,00000100,00000100,?,?,00000001), ref: 6B3629A0
                                                                                  • ?SetTexture@D3DContext@@QAEJPAUIDirect3DTexture9@@K@Z.AWT(00000000,00000000,00000008,00000100,00000100,?,?,00000001), ref: 6B3629B2
                                                                                  Strings
                                                                                  • D3DBlitToSurfaceViaTexture: could not init blit tile, xrefs: 6B362904
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@$Tracefprintf$BeginDirect3E@@@FilteringImplInit@0Scene@Supported@TextureTexture9@@Texture@fflushvfprintf
                                                                                  • String ID: D3DBlitToSurfaceViaTexture: could not init blit tile
                                                                                  • API String ID: 2142637201-2730297016
                                                                                  • Opcode ID: 878b17de0f485a882e31d82d8af3efc86c062a4618cd0ece5143d1dfb9fe5dc1
                                                                                  • Instruction ID: a06f5079d377fd704b74da8eba02b6d426ba7ced0c879ad489898f997793d86b
                                                                                  • Opcode Fuzzy Hash: 878b17de0f485a882e31d82d8af3efc86c062a4618cd0ece5143d1dfb9fe5dc1
                                                                                  • Instruction Fuzzy Hash: 62E15671A083459BC364DF24C984B9ABBE4FFC8780F11495CF5C9A7298EB35D8648B92
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3D8917
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000040,6B3C02B8,?,?,?,00000000,00000000,00000000,?,6B3D8D86,00000000,00000000,?,00000000), ref: 6B3D893C
                                                                                  • cos.MSVCR100 ref: 6B3D8C22
                                                                                  • sin.MSVCR100 ref: 6B3D8C33
                                                                                  • floor.MSVCR100 ref: 6B3D8C4A
                                                                                  • floor.MSVCR100 ref: 6B3D8C64
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: floor$Env@8H_prolog3_catch
                                                                                  • String ID: p4@kf4@k\4@kR4@kH4@k
                                                                                  • API String ID: 3293856499-4174628267
                                                                                  • Opcode ID: 175fd323d87963dde2bf2dd2746b1f5b34def3ef15fe4c24a9191c87d77bd824
                                                                                  • Instruction ID: 8fc31283691a00b39870847920f8f428a29fabc9561242ecf632cbc512ae4ba3
                                                                                  • Opcode Fuzzy Hash: 175fd323d87963dde2bf2dd2746b1f5b34def3ef15fe4c24a9191c87d77bd824
                                                                                  • Instruction Fuzzy Hash: 4AC12A72A00509EFDF02EFA5C888EEEBBB5FF49300F144169F994A6160DB359961DF60
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3C038E
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000040), ref: 6B3C039E
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,target), ref: 6B3C03DE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8Exception@8H_prolog3_catchNullPointerThrow
                                                                                  • String ID: null pData$peer$target
                                                                                  • API String ID: 1176200671-218633999
                                                                                  • Opcode ID: 2dba1b39275dc32994822a20ed9c1797d7742f5380d66900fd46f8b601984fbd
                                                                                  • Instruction ID: 66be3131bb9edba532099c983fed9cc56c227f6f45cc1cfda2d9b850c7d77d06
                                                                                  • Opcode Fuzzy Hash: 2dba1b39275dc32994822a20ed9c1797d7742f5380d66900fd46f8b601984fbd
                                                                                  • Instruction Fuzzy Hash: F9810471E05248EFDF129FE4C888EEEBBB5FF09304F104069EA54A6261C73A8951DF65
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3FE943
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000024), ref: 6B3FE953
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null target), ref: 6B3FE9C5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8Exception@8H_prolog3_catchNullPointerThrow
                                                                                  • String ID: javax/swing/Popup$HeavyWeightWindow$null pData$null target
                                                                                  • API String ID: 1176200671-4197837228
                                                                                  • Opcode ID: 9f61fe9853e228a231a64baf7c4851ee4aa5f34f832db61629afdbd58873f70c
                                                                                  • Instruction ID: c93e5df1237f52eb403887e0764b2a656a0cc8009f518af42dd1fe41e7faf236
                                                                                  • Opcode Fuzzy Hash: 9f61fe9853e228a231a64baf7c4851ee4aa5f34f832db61629afdbd58873f70c
                                                                                  • Instruction Fuzzy Hash: FE611770A00215EFDF01AFA4C888FAEBBB9FF09714F1440A9F909AB250D7398955DF61
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 1221654457-1990820779
                                                                                  • Opcode ID: 659a962d624d33ea5d61d528072faba6ee0ff7fc4dcb2c9e7aa76ff7abf8beee
                                                                                  • Instruction ID: cf6ab425755f51b69b1f40f61cbbe2902428286afd6b56bb9a40f3fb3760c3a7
                                                                                  • Opcode Fuzzy Hash: 659a962d624d33ea5d61d528072faba6ee0ff7fc4dcb2c9e7aa76ff7abf8beee
                                                                                  • Instruction Fuzzy Hash: C0414675609250DFD710DF25D880A2BBBF5EFC9394F11888CE8D897259E739D824CBA2
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@Instance@MethodNameScene@Sync@
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 33532861-1990820779
                                                                                  • Opcode ID: f0c395c55cd3a49dab76f63bd44b62c245b474903cee1298e67882bdf3b4a486
                                                                                  • Instruction ID: 96277a879829ae19cc436482e194147e85c6a1eed9bb59c04b2d935a7e2b53a9
                                                                                  • Opcode Fuzzy Hash: f0c395c55cd3a49dab76f63bd44b62c245b474903cee1298e67882bdf3b4a486
                                                                                  • Instruction Fuzzy Hash: 7541BC717043509FC710DB29C9C0A6BB7F5EFC9384F55489CE98887359E63AE810CB62
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F28C8
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B3F2922
                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000), ref: 6B3F295E
                                                                                  • wcslen.MSVCR100 ref: 6B3F2997
                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000), ref: 6B3F29AD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@$Env@8Exception@8NullPointerThrowwcslen
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2570329011-751156914
                                                                                  • Opcode ID: c88a96ad881e9529192fd5517cf8f6c46742aa28a4d1e9f25426fffc91fe661c
                                                                                  • Instruction ID: ad131521a948e70c9bc1cda2c3a0c778cecf916a4d6eed87b07de3600dc6e5ab
                                                                                  • Opcode Fuzzy Hash: c88a96ad881e9529192fd5517cf8f6c46742aa28a4d1e9f25426fffc91fe661c
                                                                                  • Instruction Fuzzy Hash: CD318E31601144FFCB02AFB8CD88DAEBBBDEF093447204069F545D7251DB398A529B60
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 1221654457-1990820779
                                                                                  • Opcode ID: 9f00c9a25090289fc6af1e88c3a0afbdeab816f2de00ebbfa93903155eb1c212
                                                                                  • Instruction ID: 75a2f9e98f789b951fbe85cb5e012b17507b3be8dd8c00eb57b993189cce810c
                                                                                  • Opcode Fuzzy Hash: 9f00c9a25090289fc6af1e88c3a0afbdeab816f2de00ebbfa93903155eb1c212
                                                                                  • Instruction Fuzzy Hash: 6E41AD756042509FD710DB29C9D0A6BBBF5EFC9294F15889CE8C897219E739D820CB62
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3DA1D7
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,IMMOption argument,?,00010002), ref: 6B3DA24C
                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000,?,00010002), ref: 6B3DA2C3
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3DA2E4
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$??3@Env@8ExceptionException@8NullPointer
                                                                                  • String ID: IMMOption argument$null pData$peer
                                                                                  • API String ID: 4044272405-132805023
                                                                                  • Opcode ID: 8091136b81031b574c6079ef056e6a4fdf27164b98f84be72dcab68ebb4b5a75
                                                                                  • Instruction ID: 1f86ffc8726daf03b3a727f09b8fe27ca88509fb39a7b73c35f41e946c6c7b21
                                                                                  • Opcode Fuzzy Hash: 8091136b81031b574c6079ef056e6a4fdf27164b98f84be72dcab68ebb4b5a75
                                                                                  • Instruction Fuzzy Hash: 7C318E36640104FFCB12AFA5C988F9E7BB9FF09314F1040A5FA4097215CB3ADA919F50
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3FC790
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null title,?,00010002), ref: 6B3FC800
                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000,?,00010002), ref: 6B3FC85E
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3FC87F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@$Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$null title$peer
                                                                                  • API String ID: 1011067124-266430175
                                                                                  • Opcode ID: e79685521c84cafe5b462adbe07862dda18cccf1cc9118bff128df8fd94c3237
                                                                                  • Instruction ID: f5f25a2204f02d1111bb14dbf82753a410765f9183cfd4275a4e8d5a65a65b45
                                                                                  • Opcode Fuzzy Hash: e79685521c84cafe5b462adbe07862dda18cccf1cc9118bff128df8fd94c3237
                                                                                  • Instruction Fuzzy Hash: B0318F35640244BFCB11AFA8C888E9E7BFCEF49744B1040A9F94597221DB39ED42DBA4
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E633E
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000018), ref: 6B3E634E
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null target), ref: 6B3E639C
                                                                                  • SetLastError.KERNEL32(00000000), ref: 6B3E63CE
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B3E644D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8ErrorH_prolog3_catchLast
                                                                                  • String ID: null pData$null target
                                                                                  • API String ID: 183863312-3892037755
                                                                                  • Opcode ID: e845fde421ec02af501ffc8f8260d791a1f40af2ed9e84e8936a7a685711e272
                                                                                  • Instruction ID: 23f73fbd7b5130e197d69b97b847e5488234cd4da38bf2702a440f8e5eebde04
                                                                                  • Opcode Fuzzy Hash: e845fde421ec02af501ffc8f8260d791a1f40af2ed9e84e8936a7a685711e272
                                                                                  • Instruction Fuzzy Hash: 80419270A40615EFCF01AF64C885E9D7BB5BF09304F10446BFA45A7251CB398652DFB1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C0885
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3C08AB
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3C08E9
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,00010002), ref: 6B3C093D
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3C095E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$Exception@8NullPointer$??3@Env@8Exception
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 1048976382-751156914
                                                                                  • Opcode ID: adcb9066ddc842f3829cd727ff376419eaac7c4acbe16900062f88dceff5e664
                                                                                  • Instruction ID: 121fdf25065ef2ac09ae929e03acef414f1a4bb1690b4fce3649277dbcc4861a
                                                                                  • Opcode Fuzzy Hash: adcb9066ddc842f3829cd727ff376419eaac7c4acbe16900062f88dceff5e664
                                                                                  • Instruction Fuzzy Hash: B6319C75600144BFDB12AFA4C848FDE3BB8EF4A304F1040A8F854A7221CB3ADA81DF91
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 1221654457-1990820779
                                                                                  • Opcode ID: 31feec300f2f7d421890044c5491471692bb51fc44bbc43a9fe422492504df03
                                                                                  • Instruction ID: 1abe4617548e8c7d29c60e85536dda6be0df968c7743f7d70cf5530d3e8b5d00
                                                                                  • Opcode Fuzzy Hash: 31feec300f2f7d421890044c5491471692bb51fc44bbc43a9fe422492504df03
                                                                                  • Instruction Fuzzy Hash: AE31E1756046408FD710EB35D480A2BB7E5FFC9394F11489CE8C987219FB3AE864C7A2
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F0280
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3F02AB
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3F02EE
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3F0358
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3243432782-751156914
                                                                                  • Opcode ID: a096b5495cb91d80cee1356d6ec2da51fe1aa5b8a1631ac52a1276dde19f881b
                                                                                  • Instruction ID: 4bda0bf39786edc9b242228ae7f6e9ad05cc6a09990b22850d20a7b1229ef1fd
                                                                                  • Opcode Fuzzy Hash: a096b5495cb91d80cee1356d6ec2da51fe1aa5b8a1631ac52a1276dde19f881b
                                                                                  • Instruction Fuzzy Hash: E7314C71A00108AFDB01EFA8C884FEDBBB8EF4D714F10006AE905A7250DB75D851DF60
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 1221654457-1990820779
                                                                                  • Opcode ID: 00a445f57d14147b05e22a0278235dbfdcc63935db5b63e3c26e88e09ae8d620
                                                                                  • Instruction ID: 7a0d5a2161d365e1faf95d5fe87316f1d382ef3accb8b5021fdd5a95766a0ab5
                                                                                  • Opcode Fuzzy Hash: 00a445f57d14147b05e22a0278235dbfdcc63935db5b63e3c26e88e09ae8d620
                                                                                  • Instruction Fuzzy Hash: D931CEB57042505FD710DB39C8D0A6BB7E9EFC9294F04489CE899C722AF639EC01CBA1
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 1221654457-1990820779
                                                                                  • Opcode ID: a99ee9bacb69084e0fa1fc0f9e65842b44695751abe09a47456cb19cb498a80a
                                                                                  • Instruction ID: 5e6be26616182004a58ec0a1b9340a89ab2e183f160490006c161c1a24ee8b0e
                                                                                  • Opcode Fuzzy Hash: a99ee9bacb69084e0fa1fc0f9e65842b44695751abe09a47456cb19cb498a80a
                                                                                  • Instruction Fuzzy Hash: AB31AF757042508FD620EB39C9D0A6B77E5AFC9284F10489CE8D987219FB3AE824C761
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 1221654457-1990820779
                                                                                  • Opcode ID: 0035679c13caebcca953f4f7b35d26c47df57b429342eaaf80cc88d111d789ef
                                                                                  • Instruction ID: a45acaab0239e2bdff3cfe88b36b150bee354ab35b94a8c0095f27d457573a3e
                                                                                  • Opcode Fuzzy Hash: 0035679c13caebcca953f4f7b35d26c47df57b429342eaaf80cc88d111d789ef
                                                                                  • Instruction Fuzzy Hash: 5831AFB57002505FDA10DB39C9D0A6B73E9EFC9294F104898E99987219FB3AEC01CBA1
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 1221654457-1990820779
                                                                                  • Opcode ID: 1a98de1d7e016105ef9e6d1ae588ee9dc6379bb0e3ee98cb37520eda99a385ce
                                                                                  • Instruction ID: a1131cd89d82fb23db64f93406dbcc84aa0569a8f06e33aedb181e047a7d3adc
                                                                                  • Opcode Fuzzy Hash: 1a98de1d7e016105ef9e6d1ae588ee9dc6379bb0e3ee98cb37520eda99a385ce
                                                                                  • Instruction Fuzzy Hash: 1F3180B57002105FDA10EB29C9D0E2B73E5EFC9294F10449CE99987359FB7AEC11DBA1
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 1221654457-1990820779
                                                                                  • Opcode ID: 0c0b35c559a3b1944c8035770c6bcd848f31c3e567721e0e8be47d3df9363c38
                                                                                  • Instruction ID: 7438f389dbc2ad43f0fda2f85448781ccad7a58ee6050827e6a64874811a5fc7
                                                                                  • Opcode Fuzzy Hash: 0c0b35c559a3b1944c8035770c6bcd848f31c3e567721e0e8be47d3df9363c38
                                                                                  • Instruction Fuzzy Hash: 8921E1B67002504FDB10EB39C8D0B6B33E5AFC9294F144498D988C7259FB3ADC00C7A1
                                                                                  APIs
                                                                                  • ?D3DEnabledOnAdapter@D3DPipelineManager@@AAEJI@Z.AWT(6B366B7F,00000000,00000000,?,?,6B366B7F,00000000,?,?), ref: 6B368F3A
                                                                                  • ?CreateInstance@D3DContext@@SAJPAUIDirect3D9@@IPAPAV1@@Z.AWT(?,6B366B7F,6B366B7F,6B366B7F,00000000,00000000,?,?,6B366B7F,00000000,?,?), ref: 6B368F4F
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::GetContext: no d3d on adapter %d,6B366B7F,6B366B7F,00000000,00000000,?,?,6B366B7F,00000000,?,?), ref: 6B368F6F
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::GetD3DContext: invalid parameters or failed init for adapter %d,6B366B7F,00000000,00000000,?,?,6B366B7F,00000000,?,?), ref: 6B368FB2
                                                                                  Strings
                                                                                  • D3DPPLM::GetD3DContext: invalid parameters or failed init for adapter %d, xrefs: 6B368FA9
                                                                                  • D3DPPLM::GetD3DContext: failed to create context for adapter=%d, xrefs: 6B368F5E
                                                                                  • D3DPPLM::GetContext: no d3d on adapter %d, xrefs: 6B368F66
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ImplTrace$Adapter@Context@@CreateD9@@Direct3EnabledInstance@Manager@@PipelineV1@@
                                                                                  • String ID: D3DPPLM::GetContext: no d3d on adapter %d$D3DPPLM::GetD3DContext: failed to create context for adapter=%d$D3DPPLM::GetD3DContext: invalid parameters or failed init for adapter %d
                                                                                  • API String ID: 2584849846-980454107
                                                                                  • Opcode ID: c0e763ce261839e5f5431d5708f64b034438d077b0228adcd30407ff2a13f840
                                                                                  • Instruction ID: 3b78431d92b4cf3b5617963e2f81a7c6dab7644eb4f4459ffbda64c9a4deaf05
                                                                                  • Opcode Fuzzy Hash: c0e763ce261839e5f5431d5708f64b034438d077b0228adcd30407ff2a13f840
                                                                                  • Instruction Fuzzy Hash: 422105713483059BC320CE59E880E67B7F6EF8AB54F00052EF9445B286E7BAA855C6A1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3E406A
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3E408C
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B3E40CB
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3E412B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3243432782-751156914
                                                                                  • Opcode ID: afbb65c4ab06847875fe03aa3fc8bd47be1aae75d5365235e319ee9c0f4d50ef
                                                                                  • Instruction ID: 4c3a85c69c91af225aad7b25ccd113554ad8bbb4fc7d966e859fe8a8335e683a
                                                                                  • Opcode Fuzzy Hash: afbb65c4ab06847875fe03aa3fc8bd47be1aae75d5365235e319ee9c0f4d50ef
                                                                                  • Instruction Fuzzy Hash: BE21AF31600514FFDB12AFA4CC89E9E7BB9EF0D354B1000A6F94497261DB3ADD52DBA1
                                                                                  APIs
                                                                                  • free.MSVCR100 ref: 6B37106F
                                                                                    • Part of subcall function 6B3F91F4: ??3@YAXPAX@Z.MSVCR100(?,00000000,6B371054,?,00000000,00000000,6B405178,000000FF,6B3F9E5A,00000004,6B368496,00000000,?,6B36558C,?,00000000), ref: 6B3F91F9
                                                                                    • Part of subcall function 6B3F91F4: free.MSVCR100 ref: 6B3F9207
                                                                                    • Part of subcall function 6B3F91F4: ??3@YAXPAX@Z.MSVCR100(00000000,00000000,6B371054,?,00000000,00000000,6B405178,000000FF,6B3F9E5A,00000004,6B368496,00000000,?,6B36558C,?,00000000), ref: 6B3F9216
                                                                                    • Part of subcall function 6B3F91F4: ??3@YAXPAX@Z.MSVCR100(?,00000000,6B371054,?,00000000,00000000,6B405178,000000FF,6B3F9E5A,00000004,6B368496,00000000,?,6B36558C,?,00000000), ref: 6B3F9224
                                                                                    • Part of subcall function 6B3F91F4: _JNU_GetEnv@8.JAVA(00010002,00000000,6B371054,?,00000000,00000000,6B405178,000000FF,6B3F9E5A,00000004,6B368496,00000000,?,6B36558C,?,00000000), ref: 6B3F923B
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,00000000,00000000,6B405178,000000FF,6B3F9E5A,00000004,6B368496,00000000,?,6B36558C,?,00000000), ref: 6B371055
                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000,?,00000000,00000000,6B405178,000000FF,6B3F9E5A,00000004,6B368496,00000000,?,6B36558C,?,00000000), ref: 6B37107F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@$free$Env@8
                                                                                  • String ID: xaDk$xaDk$xaDk$xaDk
                                                                                  • API String ID: 315816452-4160870666
                                                                                  • Opcode ID: 43184a3c2df43a83308b8f2df95e6a727e2f1c93455e7fd513434104ea6a5bfd
                                                                                  • Instruction ID: 780097905987598fc822f797e4dc763ee589cffeb24fbf68ef21a48e2766034f
                                                                                  • Opcode Fuzzy Hash: 43184a3c2df43a83308b8f2df95e6a727e2f1c93455e7fd513434104ea6a5bfd
                                                                                  • Instruction Fuzzy Hash: 95319176204651CFE320EF18C881B26B3F5FB86360F504A7DD4A547391DB3AE845CBA2
                                                                                  APIs
                                                                                    • Part of subcall function 6B36C6C0: ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(00000000,?,6B36A877), ref: 6B36C6D7
                                                                                    • Part of subcall function 6B36C6C0: ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,00000000,?,6B36A877), ref: 6B36C6EB
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Manager@@Pipeline$Context@Context@@Context@@@Instance@$CallMethodNameScene@Sync@
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 4020212011-1990820779
                                                                                  • Opcode ID: d2320ebfc554fae5deaa00c304d1c5b4f60b4d51b37b2107ac7329c1444a8300
                                                                                  • Instruction ID: 35799fe3cf739b50242dab79343677fe23f6402b106ccbaeb930a12f43d2f479
                                                                                  • Opcode Fuzzy Hash: d2320ebfc554fae5deaa00c304d1c5b4f60b4d51b37b2107ac7329c1444a8300
                                                                                  • Instruction Fuzzy Hash: 8821B3B5B002105FDA00EB35C9D0B2B33A5EFC9398F1444A8D9499B269FB7EDC51DB61
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 1221654457-1990820779
                                                                                  • Opcode ID: 3ee60b05542ca0c7c40f492018d23757b27fef5e8b109a3c94a45b8a79cbf350
                                                                                  • Instruction ID: 458e30bebbd91504a93f6a23286710fa94f8b04f4e43b236717862acd3226c57
                                                                                  • Opcode Fuzzy Hash: 3ee60b05542ca0c7c40f492018d23757b27fef5e8b109a3c94a45b8a79cbf350
                                                                                  • Instruction Fuzzy Hash: BB21B0B5B002105FDA00EB39C9D0B2A33E5EFC5294F1104A8E989D7259FB3EDC11D7A1
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 1221654457-1990820779
                                                                                  • Opcode ID: f669e1edb0e30e9dafcb2efb53ccb5c2eac0f51dc96d7055fd76d40b0e705267
                                                                                  • Instruction ID: 56fe45f3c15121910ce50ff8988425c592e110e94f1e4abe4847e1f3714202a6
                                                                                  • Opcode Fuzzy Hash: f669e1edb0e30e9dafcb2efb53ccb5c2eac0f51dc96d7055fd76d40b0e705267
                                                                                  • Instruction Fuzzy Hash: B7219FB57002104FDA00EB39C9D1B6A33A5AFC9294F1144A8D949CB269FB7EDC11D7A1
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  • API String ID: 1221654457-1990820779
                                                                                  • Opcode ID: 489c0772f84900b3920bb2f7587542fe7362d2ed4edd81251a6adc2c8e53c841
                                                                                  • Instruction ID: 498ac223ca2c2e9a2c15897a7fca040f934dba379861bee0f2248617213d84f3
                                                                                  • Opcode Fuzzy Hash: 489c0772f84900b3920bb2f7587542fe7362d2ed4edd81251a6adc2c8e53c841
                                                                                  • Instruction Fuzzy Hash: C3219FB57002104FDA00EB35C9D1B2A33A5AFC9294F1144A8D959CB269FB7EDC11D7A1
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3D8DB4
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,str argument,?,?,?,?,00000004), ref: 6B3D8DD5
                                                                                  • _Java_sun_awt_windows_WFontMetrics_stringWidth@12.AWT(?,?,00000000,?,?,?,?,00000004), ref: 6B3D8E49
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,?,?,00000004), ref: 6B3D8E53
                                                                                  • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,off/len argument,?,?,?,?,00000004), ref: 6B3D8E69
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$Exception@8$??3@ArrayBoundsCreateCurrentEnv@8EventExceptionFontH_prolog3_catchIndexJava_sun_awt_windows_Metrics_stringNullObjectPointerSingleThreadWaitWidth@12
                                                                                  • String ID: off/len argument$str argument
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC6C
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6C3E5A58,00010002), ref: 6B36AC73
                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6C3E5A58,00010002), ref: 6B36ACC2
                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B36ACD6
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B36AD08
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6C3E5A58,00010002), ref: 6B36AD21
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                  • String ID: ()V$run
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3FA1F4
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3FA21C
                                                                                  • _JNU_GetFieldByName@20.JAVA(?,00000000,00000000,alwaysOnTop,6B409480), ref: 6B3FA288
                                                                                  • _Java_sun_awt_windows_WWindowPeer_setAlwaysOnTopNative@12.AWT(?,?,?), ref: 6B3FA2B5
                                                                                    • Part of subcall function 6B3FD6A6: __EH_prolog3_catch.LIBCMT ref: 6B3FD6AD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog3_catchThrow$AlwaysCreateCurrentEnv@8EventExceptionException@8FieldJava_sun_awt_windows_Name@20Native@12NullObjectPeer_setPointerSingleThreadWaitWindow
                                                                                  • String ID: alwaysOnTop$null pData$peer
                                                                                  • API String ID: 941843462-2711506980
                                                                                  • Opcode ID: 8b75d47d39ca97ce6ed51470f4cff68ed476e7ff958a66d545c9e39669754e09
                                                                                  • Instruction ID: 8a5f44940b44a495e9df3b9baaee0f70724237212412a21f9f3109605c246376
                                                                                  • Opcode Fuzzy Hash: 8b75d47d39ca97ce6ed51470f4cff68ed476e7ff958a66d545c9e39669754e09
                                                                                  • Instruction Fuzzy Hash: E7216D35641154BFCB12EFA4CD48D9E3FB9EF4A304B104469F980A6211CB3A8651DBA1
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DGlyphCache::Init: could not init D3D glyph cache), ref: 6B3668DF
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • ?IsTextureFormatSupported@D3DContext@@QAEHW4_D3DFORMAT@@K@Z.AWT(0000001C,00000000,?,?,6B36466B), ref: 6B3668FD
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DGlyphCache::Init: could not create glyph cache texture,00000200,00000200,00000000,00000000,?,00000000,?,00000014,00000000,?,?,6B36466B), ref: 6B36694D
                                                                                    • Part of subcall function 6B351000: malloc.MSVCR100 ref: 6B351005
                                                                                    • Part of subcall function 6B351000: J2dTraceImpl.AWT(00000001,00000001,AccelGlyphCache_Init: could not allocate GlyphCacheInfo,?,6B36466B), ref: 6B35101B
                                                                                  • ?IsTextureFormatSupported@D3DContext@@QAEHW4_D3DFORMAT@@K@Z.AWT(00000014,00000000,?,?,6B36466B), ref: 6B36690D
                                                                                  Strings
                                                                                  • ;5, xrefs: 6B3668B4
                                                                                  • D3DGlyphCache::Init: could not create glyph cache texture, xrefs: 6B366944
                                                                                  • D3DGlyphCache::Init: could not init D3D glyph cache, xrefs: 6B3668D6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$Context@@FormatSupported@Texturefprintf$Init@0fflushmallocvfprintf
                                                                                  • String ID: D3DGlyphCache::Init: could not create glyph cache texture$D3DGlyphCache::Init: could not init D3D glyph cache$;5
                                                                                  • API String ID: 2734724971-1870317526
                                                                                  • Opcode ID: e3d8d41f04a76fe0f94853e8489634dcbea12fd883a5c0931318a608092bd7b5
                                                                                  • Instruction ID: 8cdc61fa2efcd5f458c415a677a7b5ca9087226e5cf148809683ef71f7a86efe
                                                                                  • Opcode Fuzzy Hash: e3d8d41f04a76fe0f94853e8489634dcbea12fd883a5c0931318a608092bd7b5
                                                                                  • Instruction Fuzzy Hash: 4011E972BC471176E32046389C03F8763D45F51FD4F11442AF694BE1C5F6FAE45085A5
                                                                                  APIs
                                                                                  • memset.MSVCR100 ref: 6B3BCC0C
                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6B3BD037,?,?,6B3BD208,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B3BCC16
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_CreateScratchWindow: error registering window class), ref: 6B3BCC47
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,6B3BD037,?,?,6B3BD208,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B3BCC61
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: HandleModuleTracefprintf$ImplInit@0fflushmemsetvfprintf
                                                                                  • String ID: LAk$Tmp$WGLGC_CreateScratchWindow: error registering window class
                                                                                  • API String ID: 803271967-2595124232
                                                                                  • Opcode ID: dac92052b857cabaf589fd6094bfb775fed8b6641d5eaa6ab55d3adbf93fa382
                                                                                  • Instruction ID: a300f69409803ba17a12e11a2e97e3a3472eae0c16a7fcddf87b11c7ffebc73c
                                                                                  • Opcode Fuzzy Hash: dac92052b857cabaf589fd6094bfb775fed8b6641d5eaa6ab55d3adbf93fa382
                                                                                  • Instruction Fuzzy Hash: 6C01F734E88300BAF620FB648C47F9A3B94DB45704F64440CF648751C5D7B5616487AA
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3FA2DC
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,Could not get display mode constructor), ref: 6B3FA30F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$CreateCurrentEnv@8Error@8EventExceptionH_prolog3_catchInternalObjectSingleThreadWait
                                                                                  • String ID: (IIII)V$<init>$Could not get display mode class$Could not get display mode constructor$java/awt/DisplayMode
                                                                                  • API String ID: 1683192215-835006744
                                                                                  • Opcode ID: de44c2b61a64f09f7aaba0ed62ce9e9a6e4f975af5724a8e82ee21ee15495221
                                                                                  • Instruction ID: c74ba61586731a7091581a574b670cd9b7ac1169fb135396ace68d12acc0a07c
                                                                                  • Opcode Fuzzy Hash: de44c2b61a64f09f7aaba0ed62ce9e9a6e4f975af5724a8e82ee21ee15495221
                                                                                  • Instruction Fuzzy Hash: 6401D135A45150BBCB21AFB48D04F8E3B7DAF19309F144058F98497115DF3EC6429BB2
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,D3DGD_getDeviceCapsNative), ref: 6B366B4B
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B366B53
                                                                                  • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B366B6B
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(00000000,?,?), ref: 6B366B7A
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DGD_getDeviceCapsNative: device %d disabled,00000000,00000000,?,?), ref: 6B366B8D
                                                                                  Strings
                                                                                  • D3DGD_getDeviceCapsNative: device %d disabled, xrefs: 6B366B84
                                                                                  • D3DGD_getDeviceCapsNative, xrefs: 6B366B42
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Manager@@PipelineTrace$Implfprintf$AdapterContext@Context@@@Init@0Instance@OrdinalScreen@fflushvfprintf
                                                                                  • String ID: D3DGD_getDeviceCapsNative$D3DGD_getDeviceCapsNative: device %d disabled
                                                                                  • API String ID: 1313270379-1057826975
                                                                                  • Opcode ID: ded2487ad2f573645c01021540bffb746e0a3fa836a3cad0ddae5efad9808bb4
                                                                                  • Instruction ID: 62e5961e1e74c281f391e4de624bf75b65be01ff9724428c244b44922bf93f7d
                                                                                  • Opcode Fuzzy Hash: ded2487ad2f573645c01021540bffb746e0a3fa836a3cad0ddae5efad9808bb4
                                                                                  • Instruction Fuzzy Hash: 32F02433B04211AAD214926AAC02FDFB79CDBE5BE5F20412EFA45D7180FB56891182F2
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3FA82E
                                                                                  • GetVersion.KERNEL32(0000000C,6B3FA8FF), ref: 6B3FA83D
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3FA887
                                                                                  • JNU_CallStaticMethodByName.JAVA(00000000,00000000,sun/awt/Win32GraphicsEnvironment,dwmCompositionChanged,(Z)V,?,00010002), ref: 6B3FA8A2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallEnv@8H_prolog3_catchMethodNameStaticVersion
                                                                                  • String ID: (Z)V$dwmCompositionChanged$sun/awt/Win32GraphicsEnvironment
                                                                                  • API String ID: 2959205352-2490318706
                                                                                  • Opcode ID: 51c906b38df1abe94dbed36fb693e411336a6b93d3eabf8006414b5b854b0ae0
                                                                                  • Instruction ID: 340a15531e3b48ecf6aaad539023f635b1118abfaed74395db2baa1a7405d078
                                                                                  • Opcode Fuzzy Hash: 51c906b38df1abe94dbed36fb693e411336a6b93d3eabf8006414b5b854b0ae0
                                                                                  • Instruction Fuzzy Hash: 73F0C8B0A401149FDB10FF788DC2F5D3B799B05319F60447CE101A6181DB7CD94656A5
                                                                                  APIs
                                                                                  • CertCloseStore.CRYPT32(?,00000000), ref: 6ADD2038
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD2022), ref: 6ADD205A
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD2022), ref: 6ADD2068
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD2022), ref: 6ADD2076
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD2022), ref: 6ADD2084
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD2022), ref: 6ADD2092
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD2022), ref: 6ADD20A0
                                                                                  • CertFreeCertificateContext.CRYPT32(?,6ADD2022), ref: 6ADD20AE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@$Cert$CertificateCloseContextFreeStore
                                                                                  • String ID:
                                                                                  • API String ID: 1473234313-0
                                                                                  • Opcode ID: d5b0c9e2d3184f0438d266b8128dc3577e0982dbf4068d16c7411c9d3c041bff
                                                                                  • Instruction ID: 8784574f5f4d2a654ffdb0e512edb72a2e52c9f9c1ccd2db8aeb985087c26bc7
                                                                                  • Opcode Fuzzy Hash: d5b0c9e2d3184f0438d266b8128dc3577e0982dbf4068d16c7411c9d3c041bff
                                                                                  • Instruction Fuzzy Hash: 0A119E31C10A18EFCF167BA5ED449EDBB76BF44B1AB6341A9E02434175AF328991DF20
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: _control87$FreeGlobal$ExceptionThrowfree
                                                                                  • String ID:
                                                                                  • API String ID: 2013312868-0
                                                                                  • Opcode ID: c63bc1886abe42627f76c6fe28945fe8cda34c12894408e27edd9896895a495a
                                                                                  • Instruction ID: fdaded53e489d37412fa491da97a2200380f819dea8d6bdb4b2882d7f2cbf5b3
                                                                                  • Opcode Fuzzy Hash: c63bc1886abe42627f76c6fe28945fe8cda34c12894408e27edd9896895a495a
                                                                                  • Instruction Fuzzy Hash: E1A14F39A00208EFDB11CFA8C888EAE7BF5FF49700F204499F914AB165D73A9A51DF50
                                                                                  APIs
                                                                                  • floor.MSVCR100 ref: 6B3A0DDC
                                                                                  • floor.MSVCR100 ref: 6B3A0E1C
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLTR_DrawGlyphList: glyph info is null,?,00000000,?,?,?,?,?,6B3A108D,?,?,?,?,00000000), ref: 6B3A0FD6
                                                                                  Strings
                                                                                  • OGLTR_DrawGlyphList: glyph info is null, xrefs: 6B3A0FCB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: floor$ImplTrace
                                                                                  • String ID: OGLTR_DrawGlyphList: glyph info is null
                                                                                  • API String ID: 515582716-4135090480
                                                                                  • Opcode ID: f937c82f48cdf4ecac44ef11343e2d855c421b586f10891012ec2e675e0a278f
                                                                                  • Instruction ID: f24973f1102c5e06a2ed2fa33d42bae3f69aba6f9a452fd5ea772f84362902a4
                                                                                  • Opcode Fuzzy Hash: f937c82f48cdf4ecac44ef11343e2d855c421b586f10891012ec2e675e0a278f
                                                                                  • Instruction Fuzzy Hash: 5681C271B043019BD710AF28C884F9ABFF4FF86758F248A5CF89962254D7359964CBA2
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C4B6D
                                                                                  • _JNU_ClassString@4.JAVA(00000000), ref: 6B3C4BB3
                                                                                  • _JVM_CurrentTimeMillis@8.JVM(00000000,00000000,00010002), ref: 6B3C4CBC
                                                                                  Strings
                                                                                  • sun/awt/windows/WInputMethod, xrefs: 6B3C4C67
                                                                                  • (IJLjava/lang/String;[I[Ljava/lang/String;[I[BIII)V, xrefs: 6B3C4C9A
                                                                                  • sendInputMethodEvent, xrefs: 6B3C4C9F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ClassCurrentEnv@8Millis@8String@4Time
                                                                                  • String ID: (IJLjava/lang/String;[I[Ljava/lang/String;[I[BIII)V$sendInputMethodEvent$sun/awt/windows/WInputMethod
                                                                                  • API String ID: 2797162521-3029828681
                                                                                  • Opcode ID: 046fe01132abb1b30d7a099ae1e2a601f225a0f13563dbe9a5b83a1772c5d027
                                                                                  • Instruction ID: c72cf0e1129e74acba73ca8d3c425fb3ddb8d4e4a63d3d8d14812edbe94850b0
                                                                                  • Opcode Fuzzy Hash: 046fe01132abb1b30d7a099ae1e2a601f225a0f13563dbe9a5b83a1772c5d027
                                                                                  • Instruction Fuzzy Hash: C4516A34601608EFDB12EFA4CC88DAF7BB9FF89304B2045A9F95586211D73B8961DF61
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: _control87$??3@H_prolog3_catch
                                                                                  • String ID:
                                                                                  • API String ID: 417898319-0
                                                                                  • Opcode ID: 9f26fc9bb42a713e5ee0b53e72ab5a096ade16367103cc757fa9985cd90206d2
                                                                                  • Instruction ID: 1c4bd914110b6d68ec4f1ee1324c9f4cc19a2c515a63d866ddf72296ebdc8cbd
                                                                                  • Opcode Fuzzy Hash: 9f26fc9bb42a713e5ee0b53e72ab5a096ade16367103cc757fa9985cd90206d2
                                                                                  • Instruction Fuzzy Hash: E4515931A00219EFCB11CFA8D988CAEBBF5FF49310F2045A9F414A6290DB369951DF60
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(FFFFFFFF), ref: 6B37E83A
                                                                                  • memset.MSVCR100 ref: 6B37E855
                                                                                  • TlsSetValue.KERNEL32(FFFFFFFF,00000000), ref: 6B37E865
                                                                                  • _Disposer_AddRecord@20.AWT(?,00000000,Function_0002D930,00000000), ref: 6B37E899
                                                                                  • _GDIWindowSurfaceData_GetComp@8.AWT(?,?), ref: 6B37E8E5
                                                                                  Strings
                                                                                  • z4@kp4@kf4@k\4@kR4@kH4@k, xrefs: 6B37E924
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Value$Comp@8Data_Disposer_Record@20SurfaceWindowmemset
                                                                                  • String ID: z4@kp4@kf4@k\4@kR4@kH4@k
                                                                                  • API String ID: 2948221645-215020665
                                                                                  • Opcode ID: c23d4b888ac59da3177d64b9f488308344d45f12d211ee323d6aec6f2a81aac9
                                                                                  • Instruction ID: 7ccc7ff06366b43f47ea5c6e4e804c23db4cd1147278d259dae7e74b1f669de9
                                                                                  • Opcode Fuzzy Hash: c23d4b888ac59da3177d64b9f488308344d45f12d211ee323d6aec6f2a81aac9
                                                                                  • Instruction Fuzzy Hash: 21515CB1600715AFDB20FF64C980E6AB7ECFB89604B00856CFA9A87601C779F811CB64
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F29F6
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3F2A55
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3F2AE2
                                                                                    • Part of subcall function 6B3F2807: wcschr.MSVCR100 ref: 6B3F2835
                                                                                    • Part of subcall function 6B3F2452: wcschr.MSVCR100 ref: 6B3F2464
                                                                                    • Part of subcall function 6B3F2452: wcslen.MSVCR100 ref: 6B3F2471
                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000,?,00010002), ref: 6B3F2AC5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@wcschr$Env@8Exception@8NullPointerThrowwcslen
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 1963316395-751156914
                                                                                  • Opcode ID: fa9e9aa7953b56fd47b3bc82c703a541a3f223e52ebaa8bb7a0bebd50e8e2dcc
                                                                                  • Instruction ID: 69971f8e1de75553c413ff8d0d9c0592d7f8c19e9095c854581591f717bcb3f4
                                                                                  • Opcode Fuzzy Hash: fa9e9aa7953b56fd47b3bc82c703a541a3f223e52ebaa8bb7a0bebd50e8e2dcc
                                                                                  • Instruction Fuzzy Hash: 84318C35640144FFCB22EF68CD89E9E7BF9EF49310B1040A9F94597265DB39D942CBA0
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C6282
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null font,?,00010002), ref: 6B3C62EB
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3C6358
                                                                                    • Part of subcall function 6B3D827D: __EH_prolog3_catch.LIBCMT ref: 6B3D8284
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8H_prolog3_catchNullPointerThrow
                                                                                  • String ID: null font$null pData$peer
                                                                                  • API String ID: 3215036821-2400823808
                                                                                  • Opcode ID: 8fe6f4a9473d6ec196e94c48328ff98cee6f43ca71315117996989049ec42fe7
                                                                                  • Instruction ID: 2225b76f682a2c18018c6fe77396377838de6acede65644455031f5ad1091dff
                                                                                  • Opcode Fuzzy Hash: 8fe6f4a9473d6ec196e94c48328ff98cee6f43ca71315117996989049ec42fe7
                                                                                  • Instruction Fuzzy Hash: AA314B70601614BFD712AFA5CC88DAF7BBDEF4A31870000A9F94587221DB39DD41DBA6
                                                                                  APIs
                                                                                  • ?Render@D3DVertexCacher@@QAEJH@Z.AWT(00000000,00000000,?,?,6B36623C,?,?,6B3629A5,00000008,00000100,00000100,?,?,00000001), ref: 6B3660F7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Cacher@@Render@Vertex
                                                                                  • String ID:
                                                                                  • API String ID: 143351990-0
                                                                                  • Opcode ID: 988d3e30e5d908c08d1f5ecf05fee88a466ba20efe159443358104464a7f1589
                                                                                  • Instruction ID: a37d4bb0995239feac73cc8ca86f290edf67838ffa5e0802dad0442bef3a00a6
                                                                                  • Opcode Fuzzy Hash: 988d3e30e5d908c08d1f5ecf05fee88a466ba20efe159443358104464a7f1589
                                                                                  • Instruction Fuzzy Hash: 312179633865500BC52147792C227DEB7554BD2AE9F14007BE2C1CB2CBFB1AD80683B6
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B366A3C
                                                                                  • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B366A6F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Manager@@Pipeline$AdapterInstance@OrdinalScreen@
                                                                                  • String ID: %x&%x %S (%d.%d.%d.%d)
                                                                                  • API String ID: 1472660137-4060426082
                                                                                  • Opcode ID: 3a5824dcaf5ba82f8ba16e240eae9c421e79712bc0d34c2e2928857cd9352d80
                                                                                  • Instruction ID: 8c23fd76d1eb162f01cbc8cb48c14f279ecac5f9f842d022e71e24a130ba3a91
                                                                                  • Opcode Fuzzy Hash: 3a5824dcaf5ba82f8ba16e240eae9c421e79712bc0d34c2e2928857cd9352d80
                                                                                  • Instruction Fuzzy Hash: EC21A2B17152506BD7249B38DC45FBBB3E89FD9340F00852EE98AC7245EA39E801C7E6
                                                                                  APIs
                                                                                    • Part of subcall function 6B3BCBF0: memset.MSVCR100 ref: 6B3BCC0C
                                                                                    • Part of subcall function 6B3BCBF0: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6B3BD037,?,?,6B3BD208,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B3BCC16
                                                                                    • Part of subcall function 6B3BCBF0: J2dTraceImpl.AWT(00000001,00000001,WGLGC_CreateScratchWindow: error registering window class), ref: 6B3BCC47
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_CreateContext: could not create scratch window,00000000,?,?,?,?,?,?,?,6B3BD2B9,?,?), ref: 6B3BCF5B
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_CreateContext: could not get dc for scratch window,?,?,?,?,?,?,?,6B3BD2B9,?,?,?,?,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B3BCF8C
                                                                                  Strings
                                                                                  • WGLGC_CreateContext: could not get dc for scratch window, xrefs: 6B3BCF83
                                                                                  • WGLGC_CreateContext: error setting pixel format, xrefs: 6B3BCFC3
                                                                                  • WGLGC_CreateContext: could not create scratch window, xrefs: 6B3BCF52
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Trace$Impl$fprintf$HandleInit@0Modulefflushmemsetvfprintf
                                                                                  • String ID: WGLGC_CreateContext: could not create scratch window$WGLGC_CreateContext: could not get dc for scratch window$WGLGC_CreateContext: error setting pixel format
                                                                                  • API String ID: 4003939408-3120687758
                                                                                  • Opcode ID: 6a1e11c4df3d4aef5f4e8b69b52f410b92c1bc069e2902cb0333c4b6bd595fdf
                                                                                  • Instruction ID: cc1d63c0a9141c3f692679f621e6d4fcf90a9da929c7709898c4045cd16baefe
                                                                                  • Opcode Fuzzy Hash: 6a1e11c4df3d4aef5f4e8b69b52f410b92c1bc069e2902cb0333c4b6bd595fdf
                                                                                  • Instruction Fuzzy Hash: 9221CF31B182407FDB10BB748C8AFAF3BA8EF9D314F840429F54996644EBA9C55087E3
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F0F55
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3F0F98
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3F0FD8
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3F1010
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3243432782-751156914
                                                                                  • Opcode ID: 7e05db909598d6ff5815220d379c733f306f00bb741f861d56fb866fbff53340
                                                                                  • Instruction ID: 0f5791399cc681bcf7e3e7a0ed8dbb761d720a561a23a40de10e99fdb9d18660
                                                                                  • Opcode Fuzzy Hash: 7e05db909598d6ff5815220d379c733f306f00bb741f861d56fb866fbff53340
                                                                                  • Instruction Fuzzy Hash: E2314A71604205EFCB15EFA8C889EAEBBB9EF4D714B100069F905A7250EB3AD952DF50
                                                                                  APIs
                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,Desktop shell folder missing), ref: 6B3AA10A
                                                                                  Strings
                                                                                  • Could not parse name, xrefs: 6B3AA195
                                                                                  • Desktop shell folder missing, xrefs: 6B3AA102
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Error@8InternalThrow
                                                                                  • String ID: Could not parse name$Desktop shell folder missing
                                                                                  • API String ID: 3981042242-2880294790
                                                                                  • Opcode ID: 7786f8ab5b8c51d8a528208dfe75de40aba812bb40e0a77a5daf564937112254
                                                                                  • Instruction ID: a07ed88dda91060bfdc163eafcfbf9138b9546551015eefebdf081623fc9b8c8
                                                                                  • Opcode Fuzzy Hash: 7786f8ab5b8c51d8a528208dfe75de40aba812bb40e0a77a5daf564937112254
                                                                                  • Instruction Fuzzy Hash: 09217C72604208BFDB10DF39CC49EAB7BB9EF89744F108469F80997251DB75D651CBA0
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3FCF9F
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3FCFCA
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3FD00A
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3FD058
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3243432782-751156914
                                                                                  • Opcode ID: 4f0709b6fc7904f3218a464ec6c67fe55d7f664dfa58243f87aed30b170ba7b1
                                                                                  • Instruction ID: f9c488e5684d7723d7516d08cda23b2108328dedc11f901e692ff6e9c630607d
                                                                                  • Opcode Fuzzy Hash: 4f0709b6fc7904f3218a464ec6c67fe55d7f664dfa58243f87aed30b170ba7b1
                                                                                  • Instruction Fuzzy Hash: 62216835240205FFCB169F94C8C8DAE7BB9FF4A754B1000A9F94187220EB36D892EF61
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000000,?), ref: 6B3CEFEB
                                                                                  • JNU_CallStaticMethodByName.JAVA(00000000,?,sun/awt/windows/WWindowPeer,getActiveWindowHandles,(Ljava/awt/Component;)[J,?,00010002,00000000,?), ref: 6B3CF009
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3CF034
                                                                                    • Part of subcall function 6B3CEF6C: _JNU_GetEnv@8.JAVA(00010002,-00000001,00000000,?,6B3CF083,?,00000000,?,?,?,00010002,00000000,?), ref: 6B3CEF7A
                                                                                  Strings
                                                                                  • sun/awt/windows/WWindowPeer, xrefs: 6B3CEFFF
                                                                                  • getActiveWindowHandles, xrefs: 6B3CEFFA
                                                                                  • (Ljava/awt/Component;)[J, xrefs: 6B3CEFF5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8$CallExceptionMethodNameStaticThrow
                                                                                  • String ID: (Ljava/awt/Component;)[J$getActiveWindowHandles$sun/awt/windows/WWindowPeer
                                                                                  • API String ID: 521219783-1664248972
                                                                                  • Opcode ID: 4afbd2510f6cf111a7c11fd5efd3cc22c1b8fb0ecfa292365f439cc977714fa4
                                                                                  • Instruction ID: 807aa998e905b0462052f6ee82965a83aa5587a80d63f1df9e181f5a2b44c4f8
                                                                                  • Opcode Fuzzy Hash: 4afbd2510f6cf111a7c11fd5efd3cc22c1b8fb0ecfa292365f439cc977714fa4
                                                                                  • Instruction Fuzzy Hash: B2219835900615BFCB11DBE4CC45EEFBBB8EF89714F1044A5F950A7101DB3A9A458B61
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3DA110
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3DA132
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3DA172
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3DA1AF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3243432782-751156914
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F2C63
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3F2C8E
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3F2CCE
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3F2D0F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3243432782-751156914
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C6CF7
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3C6D28
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3C6D68
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3C6D9E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3243432782-751156914
                                                                                  APIs
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B3A8989
                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B3A89A2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                  • String ID: bad path delivery sequence$path segment data$private data
                                                                                  • API String ID: 1693744675-460574378
                                                                                  APIs
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B3A88C9
                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B3A88E2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                  • String ID: bad path delivery sequence$path segment data$private data
                                                                                  • API String ID: 1693744675-460574378
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F834E
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3F83A8
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,00000000,?,00010002), ref: 6B3F83DF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: l:@k):@kb:@kX:@kN:@kD:@k$null pData$peer
                                                                                  • API String ID: 2303478036-3918294012
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F2D2A
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3F2D4C
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B3F2D88
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3F2DC0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3243432782-751156914
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C293B
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3C295D
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B3C2999
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3C29D2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3243432782-751156914
                                                                                  • Opcode ID: 11bd81693d08beee0a27dc9dd18187c13a991dd9085dc1b3020eaa96a528cb18
                                                                                  • Instruction ID: 87103904390b91c8dd0b9899ab4e1be1d026f674018c32785ae78adfda659c8d
                                                                                  • Opcode Fuzzy Hash: 11bd81693d08beee0a27dc9dd18187c13a991dd9085dc1b3020eaa96a528cb18
                                                                                  • Instruction Fuzzy Hash: D411B231240104BFDB12AFA5CD89EAE7FBDEF0A358B010064F54497260CB39DD519BA6
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3FC89B
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3FC8BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B3FC8F9
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3FC92B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3243432782-751156914
                                                                                  • Opcode ID: d9cb8e6bb430a4e42e6bfb1d0831965f48015ec22fddbee4b9c909a9cd1f27f6
                                                                                  • Instruction ID: 5249a7d4d3257437f006a115782d5e9a00b4a904a392ae5cc5d25bb1fbf403f6
                                                                                  • Opcode Fuzzy Hash: d9cb8e6bb430a4e42e6bfb1d0831965f48015ec22fddbee4b9c909a9cd1f27f6
                                                                                  • Instruction Fuzzy Hash: 1411C431284144BFCB02AF64CC88EEF7FBCEF0A35470500A9F58587221DB29DD529BA5
                                                                                  APIs
                                                                                  • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 6B3D0CEF
                                                                                  • lstrlenW.KERNEL32(00000000), ref: 6B3D0CFC
                                                                                  • LocalAlloc.KERNEL32(00000000,00000040), ref: 6B3D0D2F
                                                                                  • swprintf_s.MSVCR100 ref: 6B3D0D60
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: AllocFormatLocalMessagelstrlenswprintf_s
                                                                                  • String ID: IDispatch error #%d$Unknown error 0x%0lX
                                                                                  • API String ID: 3712830507-2934499512
                                                                                  • Opcode ID: a9a31b7b306cf10c323a544e29f1139ec40ff668cdab07ba8672f33d5d98f1ce
                                                                                  • Instruction ID: 72072cbc86ee7e8ad31c13ecc5e7d5d01fd93158f232f46b15ee14846981ad3f
                                                                                  • Opcode Fuzzy Hash: a9a31b7b306cf10c323a544e29f1139ec40ff668cdab07ba8672f33d5d98f1ce
                                                                                  • Instruction Fuzzy Hash: 1611E332700108ABC3206F69CC54DAAB7BCFF46B18B60044EF285D7151D7BAB44ACB60
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3E4D18
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3E4D3A
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B3E4D76
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3E4DA8
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3243432782-751156914
                                                                                  • Opcode ID: 73cfd8b3e1bc85d105ceae6daab139b0918c1ccde5a77aeeea7871c1e093a342
                                                                                  • Instruction ID: 0940882a401f463ad802d0a6efe89f716184d76af56cde413469e1ec46488898
                                                                                  • Opcode Fuzzy Hash: 73cfd8b3e1bc85d105ceae6daab139b0918c1ccde5a77aeeea7871c1e093a342
                                                                                  • Instruction Fuzzy Hash: 3A11BF31240614BFEB12AF64CC88E9E7BB8EF0E358B000066F64497261CB69D9529BA0
                                                                                  APIs
                                                                                  • SetLastError.KERNEL32(00000000,?), ref: 6B3D2FCE
                                                                                  • GlobalSize.KERNEL32(6B3F5CA6), ref: 6B3D2FD3
                                                                                  • GetLastError.KERNEL32 ref: 6B3D2FDE
                                                                                  • GlobalLock.KERNEL32(6B3F5CA6), ref: 6B3D2FF4
                                                                                  • memcmp.MSVCR100(00000000,00000000,00000004), ref: 6B3D3001
                                                                                  • GlobalUnlock.KERNEL32(6B3F5CA6), ref: 6B3D3013
                                                                                  • SetLastError.KERNEL32(00000000), ref: 6B3D301D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ErrorGlobalLast$LockSizeUnlockmemcmp
                                                                                  • String ID:
                                                                                  • API String ID: 2919260238-0
                                                                                  • Opcode ID: 4be850600f8d76d9548719a1854cd9dd377cafce019aeb0ceb47d54c1e4e5906
                                                                                  • Instruction ID: a603e84a600548a99a1284a51ef93e85f84056717f940db8545eb251ff04000c
                                                                                  • Opcode Fuzzy Hash: 4be850600f8d76d9548719a1854cd9dd377cafce019aeb0ceb47d54c1e4e5906
                                                                                  • Instruction Fuzzy Hash: F8115972E00209ABDF10EFB9DD48ADEBBB8EF49301F108559E502E6150EB759A04DBA0
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3ECF47
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                    • Part of subcall function 6B3E94D6: __EH_prolog3_catch.LIBCMT ref: 6B3E94DD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: H_prolog3_catch$CreateCurrentEnv@8EventExceptionObjectSingleThreadThrowWait
                                                                                  • String ID: (J)V$Ljava/awt/print/PrinterJob;$pjob$setHWnd$sun/awt/windows/WPrintDialogPeer
                                                                                  • API String ID: 1199141719-1767194895
                                                                                  • Opcode ID: bbd7e567a5a5496f20dce4b578697510e20801b3060ead6542f9408600b9605a
                                                                                  • Instruction ID: 721241998a24725a30ed52d629a972bd02cffecd845a4fb09b06c44b9f57d5e2
                                                                                  • Opcode Fuzzy Hash: bbd7e567a5a5496f20dce4b578697510e20801b3060ead6542f9408600b9605a
                                                                                  • Instruction Fuzzy Hash: CBF0AF34684121ABEB10AF70C844F9E7BA8AF04258B0040AAF9949B240CF3ED602DBB1
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: mallocmemcpyrealloc
                                                                                  • String ID:
                                                                                  • API String ID: 2329886776-0
                                                                                  • Opcode ID: d4cca7bd5aa57a6828099fc0fcf5148d750f1595a9ab7b2d3dfba2466e43bd8f
                                                                                  • Instruction ID: b891aff5129e1d1e08a7d22946819af8e3ec6dfc54f44c99f5a4b3c05ef3cf36
                                                                                  • Opcode Fuzzy Hash: d4cca7bd5aa57a6828099fc0fcf5148d750f1595a9ab7b2d3dfba2466e43bd8f
                                                                                  • Instruction Fuzzy Hash: A8E16C70A083419FD320DF29C488A1ABBE5FF89744F618A2DF4D983351EB79D945CB92
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3D6144
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000014), ref: 6B3D6166
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • wcslen.MSVCR100 ref: 6B3D62BA
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3D62E8
                                                                                  • memset.MSVCR100 ref: 6B3D63A2
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3D63BC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Env@8ExceptionThrow$??3@CreateCurrentEventH_prolog3_catchObjectSingleThreadWaitmemsetwcslen
                                                                                  • String ID:
                                                                                  • API String ID: 228569318-0
                                                                                  • Opcode ID: 03f451fd169f13c04bdba9cd365e4a7eda80b7005fb824d47d415c95d016d2d4
                                                                                  • Instruction ID: c519fe3070380f182a98f629aa06b3d486e3f9f7de3fa0a56e6de5a57db3028d
                                                                                  • Opcode Fuzzy Hash: 03f451fd169f13c04bdba9cd365e4a7eda80b7005fb824d47d415c95d016d2d4
                                                                                  • Instruction Fuzzy Hash: 6781E4B2A40204AFDF21BFB4CC45FAE7BB9EF49304F000429F911A6291DB3DD5159BA0
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3D4876
                                                                                  • qsort.MSVCR100 ref: 6B3D48DA
                                                                                  • memcpy.MSVCR100(?,?,00000014), ref: 6B3D4A0E
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3D4A59
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,?,?,00000001,?,6B429388), ref: 6B3D4A76
                                                                                  • free.MSVCR100 ref: 6B3D4A80
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8$ExceptionThrowfreememcpyqsort
                                                                                  • String ID:
                                                                                  • API String ID: 872961485-0
                                                                                  • Opcode ID: 3757e4bfa1ab6acce57eebd43131986144ddb657835df7f0fad92c747fea0ede
                                                                                  • Instruction ID: f72484cdb478fe51f5a8b99a0dd1ad75c8841b9829274e26d347aa627adaee0e
                                                                                  • Opcode Fuzzy Hash: 3757e4bfa1ab6acce57eebd43131986144ddb657835df7f0fad92c747fea0ede
                                                                                  • Instruction Fuzzy Hash: 0B819F72A00205AFDB14DFA6C8C4EAAB7F9FF48314B10496EE44AD7651E73AE841CB50
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3EE386
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B3EE3CD
                                                                                  • _control87.MSVCR100 ref: 6B3EE3FB
                                                                                  • _control87.MSVCR100 ref: 6B3EE42B
                                                                                  • _control87.MSVCR100 ref: 6B3EE439
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 6B3EE43E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: _control87$Global$CreateCurrentEnv@8EventExceptionH_prolog3_catchLockObjectSingleThreadThrowUnlockWait
                                                                                  • String ID:
                                                                                  • API String ID: 3921025165-0
                                                                                  • Opcode ID: 11f7ef375f99aeec73f4077ff96de9902378babbd51b70d73fea960a907ebc45
                                                                                  • Instruction ID: b94d3ab7d78d5f8d72d8b161b8c3b8d75b2e53289417f438f1ae25e6555bb2fd
                                                                                  • Opcode Fuzzy Hash: 11f7ef375f99aeec73f4077ff96de9902378babbd51b70d73fea960a907ebc45
                                                                                  • Instruction Fuzzy Hash: 9A31D031A40328ABEF10AF60DC82BAE37B4EF05720F104057FA546A181EB7AA5169F70
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: wcslen$iswspacewcscmp
                                                                                  • String ID:
                                                                                  • API String ID: 1878806433-0
                                                                                  • Opcode ID: 634db6bb23055fe9665f6e858b8c71e8db9becce98ca98fc11d0943cbab66374
                                                                                  • Instruction ID: 9ec96e5e1a3c4ea654239881848e61d825b93f0124d9d89d1bad2a2b47eb480e
                                                                                  • Opcode Fuzzy Hash: 634db6bb23055fe9665f6e858b8c71e8db9becce98ca98fc11d0943cbab66374
                                                                                  • Instruction Fuzzy Hash: 70F02B73A043225BDB102F7CAD0840F7FD9DF852A0711092AE964C3151FF3AC44896E1
                                                                                  APIs
                                                                                  • free.MSVCR100 ref: 6B37D044
                                                                                  • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,coordinate array), ref: 6B37D055
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,coordinate array), ref: 6B37D062
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8Throw$ArrayBoundsIndexNullPointerfree
                                                                                  • String ID: coordinate array
                                                                                  • API String ID: 1155453800-4287150100
                                                                                  • Opcode ID: ab2d1a6b3480d3725c8361d051af88a67f578156604426d8302416f76b7989ad
                                                                                  • Instruction ID: f44a50d8d30959fb78ce63216fc3db48af07e3242db1bba2f7ae2257c1a64e92
                                                                                  • Opcode Fuzzy Hash: ab2d1a6b3480d3725c8361d051af88a67f578156604426d8302416f76b7989ad
                                                                                  • Instruction Fuzzy Hash: 995131B1208745AFD324EF58C884E6BB7E9EFCD704F10452CF59997201DB39A901CBAA
                                                                                  APIs
                                                                                  • free.MSVCR100 ref: 6B37CA3C
                                                                                  • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,coordinate array), ref: 6B37CA4D
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,coordinate array), ref: 6B37CA5A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8Throw$ArrayBoundsIndexNullPointerfree
                                                                                  • String ID: coordinate array
                                                                                  • API String ID: 1155453800-4287150100
                                                                                  • Opcode ID: e2f41aae2b590f477e240f38ea8b5226d403fac6b830aa6448c39388946fb561
                                                                                  • Instruction ID: cc3337337592093edfcb1b4782a4be70aa7cff5fadef9657f35707491724caba
                                                                                  • Opcode Fuzzy Hash: e2f41aae2b590f477e240f38ea8b5226d403fac6b830aa6448c39388946fb561
                                                                                  • Instruction Fuzzy Hash: 2F516E71208341AFC221EF58DC84EABB7E9AFCD204F10452CF59893201DB39E905CBA6
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000001,?,00000000), ref: 6B3C4940
                                                                                  • memset.MSVCR100 ref: 6B3C495E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8memset
                                                                                  • String ID: (I)I$getExtendedKeyCodeForChar$sun/awt/ExtendedKeyCodes
                                                                                  • API String ID: 129995948-2418500830
                                                                                  • Opcode ID: 9c3c248ec61d2a4dee04f2a51476cb32c0f4a3053ee33d131a804be000782c95
                                                                                  • Instruction ID: fc6fe3a430b9b6a8458a68c475944951087ec122a803944f178688239ac8abd4
                                                                                  • Opcode Fuzzy Hash: 9c3c248ec61d2a4dee04f2a51476cb32c0f4a3053ee33d131a804be000782c95
                                                                                  • Instruction Fuzzy Hash: DC41C476A442449FDB21AFE5CC80F9EB7B8FF06304F10446EE58887240EB798D94DB56
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: wcscpy$_logfwcschrwcsstr
                                                                                  • String ID: p4@kf4@k\4@kR4@kH4@k
                                                                                  • API String ID: 2040597972-4174628267
                                                                                  • Opcode ID: e6cef1e55649f2ed096ceba61a24c772622c371aa08da4dcb1cae24aeb28cb70
                                                                                  • Instruction ID: 6587b9bddab7b1e2f49bb6cc9db2c15a3494b864c68bee0480621ea6cf8b0555
                                                                                  • Opcode Fuzzy Hash: e6cef1e55649f2ed096ceba61a24c772622c371aa08da4dcb1cae24aeb28cb70
                                                                                  • Instruction Fuzzy Hash: 12416F72A04258DFDF20AFB8CD45BDD7BB8EF09344F00459AE568E3241D73889549FA5
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: _control87
                                                                                  • String ID: WINSPOOL$f4@k\4@kR4@kH4@k
                                                                                  • API String ID: 2184363488-2559286835
                                                                                  APIs
                                                                                    • Part of subcall function 6B3AB3AE: malloc.MSVCR100 ref: 6B3AB3B6
                                                                                    • Part of subcall function 6B3AB3AE: _SurfaceData_SetOps@12.AWT(?,?,00000000,?,6B354C2A,?,?,0000004C), ref: 6B3AB3C7
                                                                                    • Part of subcall function 6B3AB3AE: memset.MSVCR100 ref: 6B3AB3D6
                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,Initialization of SurfaceData failed.), ref: 6B37EB18
                                                                                  • InterlockedIncrement.KERNEL32(6B44BE78), ref: 6B37EB28
                                                                                  Strings
                                                                                  • Initialization of SurfaceData failed., xrefs: 6B37EB12
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Data_Error@8IncrementInterlockedMemoryOps@12SurfaceThrowmallocmemset
                                                                                  • String ID: Initialization of SurfaceData failed.
                                                                                  • API String ID: 3793303029-1683995780
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3BE100
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3BE19E
                                                                                  • wcslen.MSVCR100 ref: 6B3BE1B9
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,00000006,00000000,00000004,00000000,?,?,?,00000006,00000000,00000004,00000000,00000000,?,?), ref: 6B3BE20B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionThrow$??3@CreateCurrentEnv@8EventH_prolog3_catchObjectSingleThreadWaitwcslen
                                                                                  • String ID: java/lang/String
                                                                                  • API String ID: 877327205-1252039224
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3E8D2F
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,00010002), ref: 6B3E8E0C
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3E8E2F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8ExceptionThrow
                                                                                  • String ID: isTrayIconPopup$java/awt/PopupMenu
                                                                                  • API String ID: 3284872361-3353372021
                                                                                  APIs
                                                                                  • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,band array), ref: 6B3AAF41
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ArrayBoundsException@8IndexThrow
                                                                                  • String ID: alpha tile array$band array
                                                                                  • API String ID: 540364022-1923403480
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C68A3
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3C68BE
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3C6901
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E6B33
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000018), ref: 6B3E6B43
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B3E6B7A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8Exception@8H_prolog3_catchNullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 1176200671-751156914
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C6023
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B3C6091
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3C60EA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2303478036-751156914
                                                                                  • Opcode ID: 716e923ca5b3b6f6b577012fb52d87c09578b98fdbd29a58e4984237e3202429
                                                                                  • Instruction ID: 8c781fde97b68b817fe2fdb7f91b6836a1597cc0561abf63a6b2feee492efa3b
                                                                                  • Opcode Fuzzy Hash: 716e923ca5b3b6f6b577012fb52d87c09578b98fdbd29a58e4984237e3202429
                                                                                  • Instruction Fuzzy Hash: 01319A30A04214AFCB05EFA8C884EBE7BB9EF09304B104069F946A7250EB35ED51DB61
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F81E8
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3F823F
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3F8296
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2303478036-751156914
                                                                                  • Opcode ID: fb37a39bdf292fb944e1531133c4059622bac177c67f2dc04d7807ace24a82e7
                                                                                  • Instruction ID: fc0fddcb1c49d24850734519683fb1a4e35eb8534721d3d9ba5cdb320f1fbfc4
                                                                                  • Opcode Fuzzy Hash: fb37a39bdf292fb944e1531133c4059622bac177c67f2dc04d7807ace24a82e7
                                                                                  • Instruction Fuzzy Hash: 7021B030200504FFDB1AAF95CD88E9E7BFDEF4A354B1400A9F94597221DB39AD42CBA1
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E8AC5
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000010), ref: 6B3E8AD5
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null target), ref: 6B3E8B23
                                                                                  • SetLastError.KERNEL32(00000000), ref: 6B3E8B52
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8ErrorException@8H_prolog3_catchLastNullPointerThrow
                                                                                  • String ID: null target
                                                                                  • API String ID: 3644746280-2084975241
                                                                                  • Opcode ID: 1fae15d5b4b932aa33ff5a632097a3b8c0528c7bd9b0b65d9e5c00df04752cde
                                                                                  • Instruction ID: 879e91fd33328fa3e228e03214298bf5108a4f3f1f3d1c0eaad694742c2f327b
                                                                                  • Opcode Fuzzy Hash: 1fae15d5b4b932aa33ff5a632097a3b8c0528c7bd9b0b65d9e5c00df04752cde
                                                                                  • Instruction Fuzzy Hash: 3E319E70E01215EFCB11AFB8C885E9EBFB4AF09300F10446BF945E7250DB798A429BA1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C63FA
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3C6414
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3C6459
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  • Opcode ID: d38b24130b790fa87a3cd5c83eaa0abbb9d978d88583c58d099f8796861d84d7
                                                                                  • Instruction ID: 91d9545c058422cf7627d4346ef37b16219307cec891d7355ba4d86060985a58
                                                                                  • Opcode Fuzzy Hash: d38b24130b790fa87a3cd5c83eaa0abbb9d978d88583c58d099f8796861d84d7
                                                                                  • Instruction Fuzzy Hash: 09217F31244900BFCB12AFA4CC48FAE7FB9FF4A315F104458F58493565CB3AD8619B96
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C61C4
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3C6219
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3C6264
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2303478036-751156914
                                                                                  • Opcode ID: e41c8b1bd683b24088d342824579934672a92ecca00610e45ee953cfc9f09363
                                                                                  • Instruction ID: 7667b30c6ffbaa6a868aa8598152033dc89dfcbe02d4123f144233676344a595
                                                                                  • Opcode Fuzzy Hash: e41c8b1bd683b24088d342824579934672a92ecca00610e45ee953cfc9f09363
                                                                                  • Instruction Fuzzy Hash: 5621AF30240110AFDB16EF95CC99DAF3BB9EF8A35670040A9F94287261CB39ED41DBA1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C6107
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3C615C
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3C61A7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2303478036-751156914
                                                                                  • Opcode ID: 0df8b17c4762a3b7ca7a1023c15de8085a35b5cd159b1ea232ae7ee74bcdb180
                                                                                  • Instruction ID: fdba0da83094bb81dc6289719fbc94caddaa7069936fee3c01e8880a708c279c
                                                                                  • Opcode Fuzzy Hash: 0df8b17c4762a3b7ca7a1023c15de8085a35b5cd159b1ea232ae7ee74bcdb180
                                                                                  • Instruction Fuzzy Hash: FF21A234600110AFD715DF95CC98DAF3BF9EF8A34270440A9F54287261CB39ED41DBA1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F0A6B
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3F0AD5
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3F0B05
                                                                                    • Part of subcall function 6B3F07C3: _JNU_GetEnv@8.JAVA(00010002,?,00010002), ref: 6B3F07D8
                                                                                    • Part of subcall function 6B3F07C3: GetSystemMetrics.USER32(0000002D), ref: 6B3F07F9
                                                                                    • Part of subcall function 6B3F07C3: GetSystemMetrics.USER32(0000002E), ref: 6B3F0805
                                                                                    • Part of subcall function 6B3F07C3: GetSystemMetrics.USER32(00000003), ref: 6B3F0890
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: MetricsSystem$Env@8$??3@Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 860580581-751156914
                                                                                  • Opcode ID: 14e2544f4a7975c157c504aef5a211898fd85a2a8f2630e387e6042889741f8c
                                                                                  • Instruction ID: e288c25d50e19312da570cd087a6e9e48124f39b07b97d982edf956007518e0f
                                                                                  • Opcode Fuzzy Hash: 14e2544f4a7975c157c504aef5a211898fd85a2a8f2630e387e6042889741f8c
                                                                                  • Instruction Fuzzy Hash: 0F216D35600205FFCB02EFA8C884EAE7BB9EF09754B0040A9F955A3210EB35D952DF50
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F013B
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3F0197
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3F01C7
                                                                                    • Part of subcall function 6B3F00D5: memset.MSVCR100 ref: 6B3F00F0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrowmemset
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 1994468149-751156914
                                                                                  • Opcode ID: c0083cee17a547d397c6904041a6e3e190484f3d486d7a593b85881a8fd9c29d
                                                                                  • Instruction ID: fc48655cd4ee119ffd6f20ad606fb02d069e09bd3f38bed94e914f6bd1f31d13
                                                                                  • Opcode Fuzzy Hash: c0083cee17a547d397c6904041a6e3e190484f3d486d7a593b85881a8fd9c29d
                                                                                  • Instruction Fuzzy Hash: 9A117974600204BFDB01AF68CC88EAE7BBDEF09355B1040A9F94597210DB39D982DBA0
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F2BB0
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3F2BCE
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3F2C0A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  • Opcode ID: c11e7916e0619f463dc1505b0f47759c2be4522b9d82494911fd933dbf2f276b
                                                                                  • Instruction ID: ff01322d6a093de824502f0a5a490399cb562cf71320338d86ec4ba7ca7e1d39
                                                                                  • Opcode Fuzzy Hash: c11e7916e0619f463dc1505b0f47759c2be4522b9d82494911fd933dbf2f276b
                                                                                  • Instruction Fuzzy Hash: 1A116731240144FFDB12AF54CD89EAE7BBCEF09355F1000A5F94197260DB3ADA529BA5
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F2AFE
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3F2B1C
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3F2B58
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  • Opcode ID: 527a138cf3a4b6f7ab3add9fbe88121cafbc1a1f8a2a3b327fe24b235430d0d9
                                                                                  • Instruction ID: 299c6f117525a604eb4dbda118a9b0989cccc0afd9b1fd7b82b4862ff9a65942
                                                                                  • Opcode Fuzzy Hash: 527a138cf3a4b6f7ab3add9fbe88121cafbc1a1f8a2a3b327fe24b235430d0d9
                                                                                  • Instruction Fuzzy Hash: 6D115931240244FFDB02AF55CD89FAA7BBCEF09394B0000A9F94497250CB39DD529BA5
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C2A85
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3C2AA0
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3C2ADC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  • Opcode ID: 5dff0bbbbaf154a5591e21d1b307497719ec566bf667891976facfa145d0d0a0
                                                                                  • Instruction ID: 8b54c7d4a14f0ff676569b5463f06fc3a0161a11dac9dc32415558872db36f47
                                                                                  • Opcode Fuzzy Hash: 5dff0bbbbaf154a5591e21d1b307497719ec566bf667891976facfa145d0d0a0
                                                                                  • Instruction Fuzzy Hash: 25119130340640BFD712AF95CD89F9B7BB8EF09754F000068FA4597691CB2ADC519B66
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3E499C
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3E49F0
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3E4A20
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2303478036-751156914
                                                                                  • Opcode ID: 283db4888f13beef7df29aad1bd12e17f66978533a61dd93babf3f0c75fa7556
                                                                                  • Instruction ID: 15b2f3b66b773306b97bac4e3b7de820c161f430704f6e968964ee23e4c1f01e
                                                                                  • Opcode Fuzzy Hash: 283db4888f13beef7df29aad1bd12e17f66978533a61dd93babf3f0c75fa7556
                                                                                  • Instruction Fuzzy Hash: 5811A031280060BFC611AB218C48DAF3BB8EF8B71170100AAF980A7251CB2AC852CBB5
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C699D
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3C69BA
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3C69F6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  • Opcode ID: e0f80a95c93a6fdf7e3b36e74b3379aa64487c9354f7b8a1c834c9d00c39ead0
                                                                                  • Instruction ID: dec9a8ee1587510b137ebbd47dd27acba5f6aa0ce40a81aa921991efd5bd706f
                                                                                  • Opcode Fuzzy Hash: e0f80a95c93a6fdf7e3b36e74b3379aa64487c9354f7b8a1c834c9d00c39ead0
                                                                                  • Instruction Fuzzy Hash: 1011A135281114EFC712AFA5CC48EEB7BBCEF0A259B0640A9F54497211CB2AD851DBA6
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C0FEC
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3C1047
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3C1068
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2303478036-751156914
                                                                                  • Opcode ID: 6b4bc17d35050df4bd68f9a3cc3d19b83ce4e3943b33135809ad8fbd075c7415
                                                                                  • Instruction ID: 1b49b8f03dfd02b6b5b3b8036e3c929fdd76831eea1b9e90926c18e3a466386b
                                                                                  • Opcode Fuzzy Hash: 6b4bc17d35050df4bd68f9a3cc3d19b83ce4e3943b33135809ad8fbd075c7415
                                                                                  • Instruction Fuzzy Hash: D911A3312495A4BFC7129FA48889EEB7FB8DF0A254B1440A5F98447212D729D941DBB2
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C6E49
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3C6EB4
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B3C6ECD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2303478036-751156914
                                                                                  • Opcode ID: 5ffccb0c110a07abd9a6b6e9bee46fdd70b414d87f158d228cb3c8692886805c
                                                                                  • Instruction ID: c5ff914bb900deaf6aa0dfd802ca639dbf6520fc052b0985e73fee683ef8d962
                                                                                  • Opcode Fuzzy Hash: 5ffccb0c110a07abd9a6b6e9bee46fdd70b414d87f158d228cb3c8692886805c
                                                                                  • Instruction Fuzzy Hash: 5D113D31200200AFD7129B68C9C9F7B7BF8EF49715F014499F5058B251DB3AEC51DBA1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C29E9
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3C2A04
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3C2A40
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  • Opcode ID: 29563e7e5d57c3bbb59e13e8fcf5581ee630edcd81a1e6033a08f0f32074b2fe
                                                                                  • Instruction ID: 819b2e8d2ac0564d41f8c8d0112e2c1942add4614e540d93f334e6bdc0e7eabf
                                                                                  • Opcode Fuzzy Hash: 29563e7e5d57c3bbb59e13e8fcf5581ee630edcd81a1e6033a08f0f32074b2fe
                                                                                  • Instruction Fuzzy Hash: 0D11D235240500BFD722ABA5CE89FAF7BB9EF0A754F010065F94497260CF29CD519B62
                                                                                  APIs
                                                                                  • WaitForSingleObject.KERNEL32(0000066C,000000FF,?,?,?,6B366A0A), ref: 6B3F6919
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ObjectSingleWait
                                                                                  • String ID: `Dk$`Dk$`Dk$`Dk
                                                                                  • API String ID: 24740636-3293794234
                                                                                  • Opcode ID: 5570ca787abcec01268bb728f872946fbd2f678267fb9eaa1aee65849be79785
                                                                                  • Instruction ID: 5039fa59caefeba0ecb6b0b7a9f03c74b4579b026dde3b0046866f269f9f7a63
                                                                                  • Opcode Fuzzy Hash: 5570ca787abcec01268bb728f872946fbd2f678267fb9eaa1aee65849be79785
                                                                                  • Instruction Fuzzy Hash: 411121353A0609DFCB18FF6DC8D0D5637A6FB8B360B518564E8498B358CA35E852DB90
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3E490C
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3E4929
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3E4965
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  • Opcode ID: bd7f9d544ca78003f24343982f4a3884a281f9731ce0b84aacbad32d10f11a8b
                                                                                  • Instruction ID: 16e251ef225ec9d30abebdebfdd5239cd330efde46364ddb5ee00985a68a1536
                                                                                  • Opcode Fuzzy Hash: bd7f9d544ca78003f24343982f4a3884a281f9731ce0b84aacbad32d10f11a8b
                                                                                  • Instruction Fuzzy Hash: 9F018031245524BFD712AF64CC88EAE7BBDEF0E355B0100A6F980A3215DB29D8529BB5
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3E4142
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3E415F
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B3E419B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  • Opcode ID: dc2c0500e61ba1d9ca761d9ac5751ad8e644d2036b68c16240316e2a5a90450f
                                                                                  • Instruction ID: 13724287ea10efd59cec264158bf6adb24d3dff5cbf63b76df2d49753400d03e
                                                                                  • Opcode Fuzzy Hash: dc2c0500e61ba1d9ca761d9ac5751ad8e644d2036b68c16240316e2a5a90450f
                                                                                  • Instruction Fuzzy Hash: 99116D31240520FFDB12AB55CC89E9E7BB9EF1E758B01006AF94097261DB29C8529BA5
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F82C7
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3F831A
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,?,00010002), ref: 6B3F8331
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2303478036-751156914
                                                                                  • Opcode ID: e7e79bae75121c13018e6974887df82c9514d8ab1fcb2633b106b427a5f59afa
                                                                                  • Instruction ID: 87ba089a6bcaecb2571ca43db8319751e441cea964b279d69e6ad2e061a5aefe
                                                                                  • Opcode Fuzzy Hash: e7e79bae75121c13018e6974887df82c9514d8ab1fcb2633b106b427a5f59afa
                                                                                  • Instruction Fuzzy Hash: E701D835240510FFC715AF66CC88D9F7BBCEF8A71570000AAF94097211CB29D842CBB5
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3F01E2
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3F01FD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3F0239
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  • Opcode ID: 85330e26f512ddfbf061a41c324e4260005850b22c46e91c28e4f445da3a45ba
                                                                                  • Instruction ID: ea98a83f1714b647472a26aca372fd54123399437a954a0ab2b6a5ccc0bcf284
                                                                                  • Opcode Fuzzy Hash: 85330e26f512ddfbf061a41c324e4260005850b22c46e91c28e4f445da3a45ba
                                                                                  • Instruction Fuzzy Hash: 0D01B130240520BFDB13AFA8CC88EBE7BBDEF4A3587050065F94483211CB29C8429BB5
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C6753
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3C676E
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3C67AA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  • Opcode ID: 374ea5adf1d3f1ec0c30ba977bcac4b71e8548d3306f98364dbf596305f23f35
                                                                                  • Instruction ID: 5b725d375db6a2d26be4234c9ef1b5b269164d8ff52b72dade82ea70d959045f
                                                                                  • Opcode Fuzzy Hash: 374ea5adf1d3f1ec0c30ba977bcac4b71e8548d3306f98364dbf596305f23f35
                                                                                  • Instruction Fuzzy Hash: DE019E38241410BFDB12ABA4CCC8EEF7FBDEF4A75572504A9F94183214CB29CC519BA2
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3E41D8
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3E41F3
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3E422F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  • Opcode ID: 699e8a12fded98d913404e53de8de6bd3a4f9ae22f46bcfc6bd307e463dfc7ab
                                                                                  • Instruction ID: 52047cb384300b0b2ff902a4dcd72f2bb79196660227c903a2a2f34e4dc5d76c
                                                                                  • Opcode Fuzzy Hash: 699e8a12fded98d913404e53de8de6bd3a4f9ae22f46bcfc6bd307e463dfc7ab
                                                                                  • Instruction Fuzzy Hash: 60019E31240420AFC722AF64CC88EAE7BBDEF4E25970500A7F94183611CB29C8429B71
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3DA073
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3DA08E
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B3DA0CA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2682551001-751156914
                                                                                  • Opcode ID: 078f1cda190548960fbc4923059b009cec6d6bd901003014fac8227fbe7816cd
                                                                                  • Instruction ID: 9e70ef7a819cbe242f9440b213a915ddfa38b06e5c382727b54b19ee98bad2b1
                                                                                  • Opcode Fuzzy Hash: 078f1cda190548960fbc4923059b009cec6d6bd901003014fac8227fbe7816cd
                                                                                  • Instruction Fuzzy Hash: 0001D432244510BFD722AF64CD8CFDA7BBCEF0A359B054865FA4483110CB39D951DBA1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3FE179
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B3FE1C9
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,00000000,?,00010002), ref: 6B3FE1E0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2303478036-751156914
                                                                                  • Opcode ID: 6fb358abaed2c99f5c86a51a96f6b19cf277cc346ae1f10e92b438a43900659e
                                                                                  • Instruction ID: 009e6bc6a1b71b52a71e4ac6b50958de2ae2f27983818f5fa25ac089c40b53c6
                                                                                  • Opcode Fuzzy Hash: 6fb358abaed2c99f5c86a51a96f6b19cf277cc346ae1f10e92b438a43900659e
                                                                                  • Instruction Fuzzy Hash: B501A731255260BFC722AB65CC88EDF3FBDEF8A7157000469F54197211CB29D442CBA1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,?,6B3CEC15), ref: 6B3CEB64
                                                                                    • Part of subcall function 6B3CD8BC: _JNU_GetEnv@8.JAVA(00010002,?,00000000,?,?,6B3CEB84,win.properties.version,00000003,?,?,6B3CEC15), ref: 6B3CD8D0
                                                                                    • Part of subcall function 6B3CD8BC: wcslen.MSVCR100 ref: 6B3CD8DA
                                                                                    • Part of subcall function 6B3CD8BC: _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3CD907
                                                                                    • Part of subcall function 6B3CD8BC: _JNU_GetEnv@8.JAVA(00010002,?,?,6B3CEB84,win.properties.version,00000003,?,?,6B3CEC15), ref: 6B3CD913
                                                                                    • Part of subcall function 6B3CD8BC: _JNU_GetEnv@8.JAVA(00010002), ref: 6B3CD934
                                                                                    • Part of subcall function 6B3CE212: GetVersion.KERNEL32(00000000), ref: 6B3CE22A
                                                                                    • Part of subcall function 6B3CE628: __EH_prolog3_catch.LIBCMT ref: 6B3CE62F
                                                                                    • Part of subcall function 6B3CE628: GetVersion.KERNEL32(win.text.fontSmoothingOn,00000000,win.frame.fullWindowDragsOn,00000000,00000030,6B3CEBA7,win.properties.version,00000003,?,?,6B3CEC15), ref: 6B3CE669
                                                                                    • Part of subcall function 6B3CE628: GetVersion.KERNEL32(?,?,6B3CEC15), ref: 6B3CE66F
                                                                                    • Part of subcall function 6B3CE628: GetVersion.KERNEL32(?,?,6B3CEC15), ref: 6B3CE678
                                                                                    • Part of subcall function 6B3CE628: GetSystemMetrics.USER32(00000044), ref: 6B3CE6C8
                                                                                    • Part of subcall function 6B3CE628: GetSystemMetrics.USER32(00000045), ref: 6B3CE6CE
                                                                                    • Part of subcall function 6B3CE628: GetDoubleClickTime.USER32(awt.mouse.numButtons,00000000,DnD.gestureMotionThreshold,?,win.drag.height,?,win.drag.width,00000000,?,?,6B3CEC15), ref: 6B3CE71C
                                                                                    • Part of subcall function 6B3CE628: GetSystemMetrics.USER32(0000004B), ref: 6B3CE746
                                                                                    • Part of subcall function 6B3CE06C: __EH_prolog3_catch.LIBCMT ref: 6B3CE073
                                                                                  • GetVersion.KERNEL32(win.properties.version,00000003,?,?,6B3CEC15), ref: 6B3CEBBB
                                                                                  • GetVersion.KERNEL32(?,?,6B3CEC15), ref: 6B3CEBC1
                                                                                  • GetVersion.KERNEL32(?,?,6B3CEC15), ref: 6B3CEBCA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Version$Env@8$MetricsSystem$H_prolog3_catch$ClickDoubleExceptionThrowTimewcslen
                                                                                  • String ID: win.properties.version
                                                                                  • API String ID: 297521648-1571471729
                                                                                  • Opcode ID: 9c8540426b034947c6dc4378e50f03edfe7fc02fbd7763c47228c8463449efb8
                                                                                  • Instruction ID: 1d22d901883e9f57d990a86aeaf1c3781522011f80ad369dac004b23f926d635
                                                                                  • Opcode Fuzzy Hash: 9c8540426b034947c6dc4378e50f03edfe7fc02fbd7763c47228c8463449efb8
                                                                                  • Instruction Fuzzy Hash: 2DF08C203A473056881633F8AC27A6E22175FC1A18B000429E1835A284CF5EAE4393DB
                                                                                  APIs
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,Attempt to lock missing colormap), ref: 6B354BBE
                                                                                  • _SurfaceData_IntersectBounds@8.AWT(?,?), ref: 6B354BE6
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,Could not initialize inverse tables), ref: 6B354C0D
                                                                                  Strings
                                                                                  • Could not initialize inverse tables, xrefs: 6B354C07
                                                                                  • Attempt to lock missing colormap, xrefs: 6B354BB6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow$Bounds@8Data_IntersectSurface
                                                                                  • String ID: Attempt to lock missing colormap$Could not initialize inverse tables
                                                                                  • API String ID: 2795543317-2757055519
                                                                                  • Opcode ID: ed76a5ed2f26d7f311d2f5c0978ccdcd0a23267600ac71340ab869a902d7babc
                                                                                  • Instruction ID: 69e025e6ad3f93ffe70d320ab6a096f840096d3e99776a0127c58656ff38aa06
                                                                                  • Opcode Fuzzy Hash: ed76a5ed2f26d7f311d2f5c0978ccdcd0a23267600ac71340ab869a902d7babc
                                                                                  • Instruction Fuzzy Hash: 1201D8725056099BCB189F29D984F4A3FA8BF0133EF004255FD9496186DB7ED4308BA1
                                                                                  APIs
                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Keyboard Layout\Preload,00000000,00020019,?,00000001), ref: 6B3E2C1D
                                                                                  • RegQueryValueExW.ADVAPI32(?,6B4241C4,00000000,00000000,?,00000010), ref: 6B3E2C39
                                                                                  • wcstoul.MSVCR100 ref: 6B3E2C4D
                                                                                  • RegCloseKey.ADVAPI32(?), ref: 6B3E2C5B
                                                                                  Strings
                                                                                  • Keyboard Layout\Preload, xrefs: 6B3E2C0C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseOpenQueryValuewcstoul
                                                                                  • String ID: Keyboard Layout\Preload
                                                                                  • API String ID: 4145366269-3340346415
                                                                                  • Opcode ID: f58eef11e84c917b01e2ac9f259bc3ff4b6cee08a2e6f935d4fcb9a583adb0d7
                                                                                  • Instruction ID: 953fb34764c0b183af44010f94c34555a92b91615f60323969a6db90cae76e72
                                                                                  • Opcode Fuzzy Hash: f58eef11e84c917b01e2ac9f259bc3ff4b6cee08a2e6f935d4fcb9a583adb0d7
                                                                                  • Instruction Fuzzy Hash: BA012171A0014DABDB10EFA5DD49EFF7BBCEB85709F000129EA01E2140EA75D956EB61
                                                                                  APIs
                                                                                  • memset.MSVCR100 ref: 6B3BCEB7
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_SetBasicPixelFormatForDC: error setting pixel format), ref: 6B3BCEF8
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Tracefprintf$ImplInit@0fflushmemsetvfprintf
                                                                                  • String ID: %$($WGLGC_SetBasicPixelFormatForDC: error setting pixel format
                                                                                  • API String ID: 3389570045-699601861
                                                                                  • Opcode ID: 17be4e57a9f8934e8f3c089943d4d9d1a759d5c5581347cc50e284442ad2bed0
                                                                                  • Instruction ID: 4f693c98cc6a39e922b5788865665573b70a93238c095b3515453df79e7f9306
                                                                                  • Opcode Fuzzy Hash: 17be4e57a9f8934e8f3c089943d4d9d1a759d5c5581347cc50e284442ad2bed0
                                                                                  • Instruction Fuzzy Hash: 820136706583007BDA14EF34CC8AF6E7BE4AF5D708F84491CF58996180EBB996588BD3
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3F0373
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                  • String ID: Ljava/awt/ScrollPaneAdjustable;$hAdjustable$scrollbarDisplayPolicy$vAdjustable
                                                                                  • API String ID: 2376344244-3635679437
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,00000000,6B369D5A,?,00000000,00000000,6B368ECD,00000000,00000000,00000000,00000000,00000000,?,6B366C78,00000000), ref: 6B36C72C
                                                                                  • JNU_CallMethodByName.JAVA(00000000,00000000,00000000,setSurfaceLost,(Z)V,00000001), ref: 6B36C75E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallEnv@8MethodName
                                                                                  • String ID: (Z)V$XZ>l$setSurfaceLost
                                                                                  • API String ID: 3842419413-3224340464
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E2B83
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • JNU_CallStaticMethodByName.JAVA(?,00000000,java/util/Locale,forLanguageTag,(Ljava/lang/String;)Ljava/util/Locale;,00000000), ref: 6B3E2BBE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallCreateCurrentEnv@8EventExceptionH_prolog3_catchMethodNameObjectSingleStaticThreadThrowWait
                                                                                  • String ID: (Ljava/lang/String;)Ljava/util/Locale;$forLanguageTag$java/util/Locale
                                                                                  • API String ID: 3925435092-3289162403
                                                                                  APIs
                                                                                  • JDK_LoadSystemLibrary.JAVA(user32.dll), ref: 6B3FA8D4
                                                                                  • GetProcAddress.KERNEL32(00000000,SetProcessDPIAware), ref: 6B3FA8E6
                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 6B3FA8F3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Library$AddressFreeLoadProcSystem
                                                                                  • String ID: SetProcessDPIAware$user32.dll
                                                                                  • API String ID: 3631531432-1137607222
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3DA348
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                  • String ID: ()I$(I)V$getExtendedState$setExtendedState
                                                                                  • API String ID: 2376344244-1152548237
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E6078
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                  • String ID: ()I$(I)Ljava/awt/MenuItem;$countItemsImpl$getItemImpl
                                                                                  • API String ID: 2376344244-3269604386
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3FA887
                                                                                  • JNU_CallStaticMethodByName.JAVA(00000000,00000000,sun/awt/Win32GraphicsEnvironment,dwmCompositionChanged,(Z)V,?,00010002), ref: 6B3FA8A2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallEnv@8MethodNameStatic
                                                                                  • String ID: (Z)V$dwmCompositionChanged$sun/awt/Win32GraphicsEnvironment
                                                                                  • API String ID: 1967811119-2490318706
                                                                                  APIs
                                                                                  • _SurfaceData_IntersectBoundsXYXY@20.AWT(?,00000000,00000000,?,?), ref: 6B362E02
                                                                                  • ?IsTextureFilteringSupported@D3DContext@@QAEHW4_D3DTEXTUREFILTERTYPE@@@Z.AWT(00000001,?,00000000,00000000,?,?), ref: 6B362EDF
                                                                                  • ?GetClipType@D3DContext@@QAE?AW4ClipType@@XZ.AWT ref: 6B362F83
                                                                                  • ?IsStretchRectFilteringSupported@D3DContext@@QAEHW4_D3DTEXTUREFILTERTYPE@@@Z.AWT(00000001), ref: 6B362F97
                                                                                  • ?D3DBlitToSurfaceViaTexture@@YAJPAVD3DContext@@PAUSurfaceDataRasInfo@@HPAU_D3DSDOps@@EJJJJJNNNN@Z.AWT(?,?,00000001,?,00000000,00000002,?,?,?,?), ref: 6B36303C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Context@@$Surface$ClipE@@@FilteringSupported@$BlitBoundsDataData_Info@@IntersectOps@@RectStretchTextureTexture@@Type@Type@@Y@20
                                                                                  • String ID:
                                                                                  • API String ID: 1981780800-0
                                                                                  APIs
                                                                                  • _GrPrim_Sg2dGetPixel@8.AWT(?,?), ref: 6B37217A
                                                                                  • _GetNativePrim@8.AWT(?,?,?,?), ref: 6B372185
                                                                                    • Part of subcall function 6B37F1F0: _JNU_ThrowInternalError@8.JAVA(?,Non-native Primitive invoked natively,?,?,6B354157,?,?), ref: 6B37F219
                                                                                  • _GrPrim_Sg2dGetCompInfo@16.AWT(?,?,00000000,?,?,?,?,?), ref: 6B3721AA
                                                                                  • _SurfaceData_GetOps@8.AWT(?,?,?,?,?,?), ref: 6B3721B1
                                                                                  • _GrPrim_Sg2dGetClip@12.AWT(?,?,?,?,?,?,?,?,?), ref: 6B3721C9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Prim_Sg2d$Clip@12CompData_Error@8Info@16InternalNativeOps@8Pixel@8Prim@8SurfaceThrow
                                                                                  • String ID:
                                                                                  • API String ID: 731971863-0
                                                                                  APIs
                                                                                  • _Region_StartIteration@8.AWT(?,?,?,?), ref: 6B3AEF87
                                                                                  • _Region_NextIteration@8.AWT(?,?,?,?,?,?), ref: 6B3AEF92
                                                                                  • _Transform_transform@12.AWT(?,?,?,?,?,?,?,?,?), ref: 6B3AF025
                                                                                  • _Region_NextIteration@8.AWT(?,?,?,?,?,?,?,?), ref: 6B3AF1A5
                                                                                  • _Region_EndIteration@8.AWT(?,?,?,?,?,?,?,?), ref: 6B3AF1B8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Iteration@8Region_$Next$StartTransform_transform@12
                                                                                  • String ID:
                                                                                  • API String ID: 3152154792-0
                                                                                  APIs
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3E4F7D
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3E4F8C
                                                                                  • _CxxThrowException.MSVCR100(00000000,00000000), ref: 6B3E4F94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@$ExceptionThrow
                                                                                  • String ID:
                                                                                  • API String ID: 2803161813-0
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B366BCC
                                                                                  • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B366BF5
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(00000000,?,?), ref: 6B366C04
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Manager@@Pipeline$AdapterContext@Context@@@Instance@OrdinalScreen@
                                                                                  • String ID:
                                                                                  • API String ID: 2689482991-0
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3EAC58
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • GlobalLock.KERNEL32(?), ref: 6B3EACA9
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B3EACAE
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 6B3EAD55
                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B3EAD5A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$LockUnlock$CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                  • String ID:
                                                                                  • API String ID: 96308209-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: _control87$Global$LockUnlock
                                                                                  • String ID:
                                                                                  • API String ID: 635779606-0
                                                                                  APIs
                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B366D05
                                                                                  • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B366D24
                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(00000000,?,?), ref: 6B366D35
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Manager@@Pipeline$AdapterContext@Context@@@Instance@OrdinalScreen@
                                                                                  • String ID:
                                                                                  • API String ID: 2689482991-0
                                                                                  • Opcode ID: 295b4311cac17e1edf356f20eb11c57c79fb42548055ee324c05f7f35f35e011
                                                                                  • Instruction ID: b49b8a2ed0352ff6b4c2f3dbf060f7162a468d0dccad274adf518802a9fe3285
                                                                                  • Opcode Fuzzy Hash: 295b4311cac17e1edf356f20eb11c57c79fb42548055ee324c05f7f35f35e011
                                                                                  • Instruction Fuzzy Hash: 2221C9B1A043045FC600DF689841A9FF7D4EB89394F40092EFD8853205EB7AA90987A6
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: memset$wcscatwcscpy
                                                                                  • String ID: SECURITY_WARNING_
                                                                                  • API String ID: 4220308061-3675562604
                                                                                  • Opcode ID: bee71841d31e0019c65a4a55be157cd3edf7f4eaed50537610714fc99a9272f0
                                                                                  • Instruction ID: 9bafdd855695a97e67166a5172009f52af0f535b9592256a960b629fab9743f7
                                                                                  • Opcode Fuzzy Hash: bee71841d31e0019c65a4a55be157cd3edf7f4eaed50537610714fc99a9272f0
                                                                                  • Instruction Fuzzy Hash: 88216972654300ABE700EF28C980F5EB7E8EB8AB00F84491DF68597244DB75E915CB92
                                                                                  APIs
                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000), ref: 6B404E5B
                                                                                  • free.MSVCR100 ref: 6B404E6E
                                                                                  • GetLastError.KERNEL32 ref: 6B404E76
                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 6B404E91
                                                                                  • free.MSVCR100 ref: 6B404EA2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: free$AllocByteCharErrorLastMultiStringWide
                                                                                  • String ID:
                                                                                  • API String ID: 2461177162-0
                                                                                  • Opcode ID: d9344e70f6c85e931a911edca6cb1bc31047621fdef5cd35ea51ca8ed852c6fe
                                                                                  • Instruction ID: 0236d4bd72251568beef7aa8d4a05716c88ba844e42df8beca76271b8bd8bf5b
                                                                                  • Opcode Fuzzy Hash: d9344e70f6c85e931a911edca6cb1bc31047621fdef5cd35ea51ca8ed852c6fe
                                                                                  • Instruction Fuzzy Hash: 53119476D40204BAD7109BB59C42F9F77B9EB783A4F10013DE915B3280DF7D995086D1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4a43f5c43c5928c85bb542e6ec15f1c73f75da803585913e7b3b3a615d8e821c
                                                                                  • Instruction ID: 025e0a5d5f23dace558334c24427004f9536db9e21c7cfb51ba6e0d810f19edf
                                                                                  • Opcode Fuzzy Hash: 4a43f5c43c5928c85bb542e6ec15f1c73f75da803585913e7b3b3a615d8e821c
                                                                                  • Instruction Fuzzy Hash: 9411E376640304EFCB01EF68CC58F8E37B8AB06B14F008599F914AB291C77EDA54CBA4
                                                                                  APIs
                                                                                  • CertCloseStore.CRYPT32(?,00000000), ref: 6ADD2208
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD21F2), ref: 6ADD223E
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,6ADD21F2), ref: 6ADD224C
                                                                                  • CertFreeCertificateContext.CRYPT32(?,6ADD21F2), ref: 6ADD225A
                                                                                  • CertFreeCertificateContext.CRYPT32(?,6ADD21F2), ref: 6ADD226D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Cert$??3@CertificateContextFree$CloseStore
                                                                                  • String ID:
                                                                                  • API String ID: 3032901959-0
                                                                                  • Opcode ID: 7937f372a54047c5013a16d729531d55f393d12c170af0f7a0b3711e8e65c34b
                                                                                  • Instruction ID: e56bfcdf7f7e99933def0d2792dd4efcd96c17b76227dd77f632030325a33b02
                                                                                  • Opcode Fuzzy Hash: 7937f372a54047c5013a16d729531d55f393d12c170af0f7a0b3711e8e65c34b
                                                                                  • Instruction Fuzzy Hash: 64019331C11918EFCF02AF94D9089EDBBB6BF89716FA242A9F06171034DB328991DF14
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLRenderQueue_flushBuffer: cannot get direct buffer address), ref: 6B39D014
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  Strings
                                                                                  • OGLRenderQueue_flushBuffer: invalid opcode=%d, xrefs: 6B39DC26
                                                                                  • OGLRenderQueue_flushBuffer: cannot get direct buffer address, xrefs: 6B39D00B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Tracefprintf$ImplInit@0fflushvfprintf
                                                                                  • String ID: OGLRenderQueue_flushBuffer: cannot get direct buffer address$OGLRenderQueue_flushBuffer: invalid opcode=%d
                                                                                  • API String ID: 3442746353-2602904628
                                                                                  • Opcode ID: 56c37afe38e1701d9d0f196f48a0976173e9de220bee1b859adfa816d62aa7d2
                                                                                  • Instruction ID: 385fc1e1fe3d5971dc92c2de5c0a7ad4223e3ffbf077c1ac2db32ab55e2a7210
                                                                                  • Opcode Fuzzy Hash: 56c37afe38e1701d9d0f196f48a0976173e9de220bee1b859adfa816d62aa7d2
                                                                                  • Instruction Fuzzy Hash: F8E13471608200DFD320AF59E98982BFBF4FBC9700F91894CE5D953249E375A874CBA6
                                                                                  APIs
                                                                                  • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,band array), ref: 6B3AAB88
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ArrayBoundsException@8IndexThrow
                                                                                  • String ID: alpha tile array$band array
                                                                                  • API String ID: 540364022-1923403480
                                                                                  • Opcode ID: fffd0143177c699e1ab31802e1ca1ced22ebbdd8a972c09bd3252aed63127a50
                                                                                  • Instruction ID: 2a73259cf979acc7f38019ab3836c1153fa0a114e3cd639ca22d3448b0454d07
                                                                                  • Opcode Fuzzy Hash: fffd0143177c699e1ab31802e1ca1ced22ebbdd8a972c09bd3252aed63127a50
                                                                                  • Instruction Fuzzy Hash: 31E1E671A00619EFCB05CFA8C984E9DBBB6FF49300F2480A9F944AB255D735A951CF90
                                                                                  APIs
                                                                                  • floor.MSVCR100 ref: 6B3A1132
                                                                                  • floor.MSVCR100 ref: 6B3A1172
                                                                                    • Part of subcall function 6B3A0D10: floor.MSVCR100 ref: 6B3A0DDC
                                                                                    • Part of subcall function 6B3A0D10: floor.MSVCR100 ref: 6B3A0E1C
                                                                                  Strings
                                                                                  • OGLTR_DrawGlyphList: glyph info is null, xrefs: 6B3A1299
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: floor
                                                                                  • String ID: OGLTR_DrawGlyphList: glyph info is null
                                                                                  • API String ID: 3192247854-4135090480
                                                                                  • Opcode ID: b8b3b351f515b53c540885d8da4bf45d4811396126457e803bc0efdbc303f01b
                                                                                  • Instruction ID: a52a94cc30b2d87dc390351454262a74ac7b02862edfcc3aa01f2b00369b898c
                                                                                  • Opcode Fuzzy Hash: b8b3b351f515b53c540885d8da4bf45d4811396126457e803bc0efdbc303f01b
                                                                                  • Instruction Fuzzy Hash: 0D91B171A04711AFD710DF64C884A6B7BF8FF8A744F20495CF89993244D739D961CBA2
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@memset
                                                                                  • String ID: (IIII)V$handleExpose
                                                                                  • API String ID: 4044531854-1818056601
                                                                                  • Opcode ID: 842fb652b3b099e9adc4ae305e2b628b5d57d87b294cfb3648cf2666d09dacdb
                                                                                  • Instruction ID: a861b067eae962d2316e0ef75ec38c1f19bb31e9c62870278a283f003a44924f
                                                                                  • Opcode Fuzzy Hash: 842fb652b3b099e9adc4ae305e2b628b5d57d87b294cfb3648cf2666d09dacdb
                                                                                  • Instruction Fuzzy Hash: 99418F71A00209FFDB10AFA9C885CAEBBB9FF49350B108569F919A7610C735ED60DB91
                                                                                  APIs
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,peer), ref: 6B3E8C1B
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3E8C62
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 473278687-751156914
                                                                                  • Opcode ID: 0422d41e33285d8cfbfcb46abeabb3abdf271df6d23b979415f7e9e79ae5e2f9
                                                                                  • Instruction ID: 641f6bb71978a236e5049b3643cb6d5a3c9952f84db5dede58d3d50cd977995c
                                                                                  • Opcode Fuzzy Hash: 0422d41e33285d8cfbfcb46abeabb3abdf271df6d23b979415f7e9e79ae5e2f9
                                                                                  • Instruction Fuzzy Hash: E8412C31A01519EFDB01AFA8C888DEEBBF9FF0E314B10046AF945A7250CB359952DF65
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C300C
                                                                                    • Part of subcall function 6B3E81E0: _JNU_GetEnv@8.JAVA(00010002,00000010,6B3C07BE,?,handlePaint,(IIII)V,?,00000010,?,00000010), ref: 6B3E81EC
                                                                                    • Part of subcall function 6B3E81E0: _JNU_CallMethodByNameV@24.JAVA(00000000,00000000,?,?,?,?,00010002,00000010,6B3C07BE,?,handlePaint,(IIII)V,?,00000010,?,00000010), ref: 6B3E8215
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8$CallMethodNameV@24
                                                                                  • String ID: (I)V$4$handleAction
                                                                                  • API String ID: 3494409289-2125931825
                                                                                  • Opcode ID: b0408bda2010c05741835d291a4d3b902430c2ac09dfa64df80b72129db16fe1
                                                                                  • Instruction ID: 1e3aa03c3440442eb5ceb49392f63b4002c3fbb3928508a1c2a2659172e364d5
                                                                                  • Opcode Fuzzy Hash: b0408bda2010c05741835d291a4d3b902430c2ac09dfa64df80b72129db16fe1
                                                                                  • Instruction Fuzzy Hash: AD21F271A00710AFDB10FFB5C845F5B7BB8FB06329F100419F446A3291DBB98855CB52
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: memset
                                                                                  • String ID: POSTSCRIPT
                                                                                  • API String ID: 2221118986-171833974
                                                                                  • Opcode ID: 04fad1742adfb3467a9f889a679e7743f4f0d5a7997a51e1270b1d39544c4146
                                                                                  • Instruction ID: 15f4600a66888736c18f4e30af6289c2b0c005bd87d82dc879c29a68470b0bf2
                                                                                  • Opcode Fuzzy Hash: 04fad1742adfb3467a9f889a679e7743f4f0d5a7997a51e1270b1d39544c4146
                                                                                  • Instruction Fuzzy Hash: C0216271A5021DAEFB309BB9CC85FEF7ABCEB19748F00046DA515D7181EAB599084F70
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3FCBD8
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,iconRaster data), ref: 6B3FCC16
                                                                                  • memset.MSVCR100 ref: 6B3FCC69
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8H_prolog3_catchNullPointerThrowmemset
                                                                                  • String ID: iconRaster data
                                                                                  • API String ID: 1709764402-3591564486
                                                                                  • Opcode ID: c52ead737b6983f5eb0463e5880c13aa5f4f57ae4b094e0a8873bc767106acbe
                                                                                  • Instruction ID: 2a128b7cbab18613046dbc0f00a1e0c3f1565e7d98a96c945ef7fc0bcfa7ef2e
                                                                                  • Opcode Fuzzy Hash: c52ead737b6983f5eb0463e5880c13aa5f4f57ae4b094e0a8873bc767106acbe
                                                                                  • Instruction Fuzzy Hash: F4215E75E00219EFCF11DFA4CD85E9E7BB8BF08714F10416AF914A7250DB398A019B91
                                                                                  APIs
                                                                                  • TlsGetValue.KERNEL32(FFFFFFFF), ref: 6B37E168
                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,Unmatched unlock on Win32 SurfaceData), ref: 6B37E19A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Error@8InternalThrowValue
                                                                                  • String ID: H4@k$Unmatched unlock on Win32 SurfaceData
                                                                                  • API String ID: 375967300-1942068246
                                                                                  • Opcode ID: 5ae4289d0649b9203b7e8aefd5183551fef9f1dd9a136961943f513c404f8065
                                                                                  • Instruction ID: 89c28c602bbeddb429ba0a5fb6de75f6e92f3a209dcb37586192a84d9ffe06a6
                                                                                  • Opcode Fuzzy Hash: 5ae4289d0649b9203b7e8aefd5183551fef9f1dd9a136961943f513c404f8065
                                                                                  • Instruction Fuzzy Hash: AF217431724710ABE320AB25C945F9BB7A8FF8A700F00886CE99A87240C738F805CB64
                                                                                  APIs
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowByName@12.JAVA(?,java/lang/UnsupportedOperationException,Keyboard doesn't have requested key,300AB9ED), ref: 6B3F5045
                                                                                  • memcpy.MSVCR100(?,6B44E510,00000100), ref: 6B3F5089
                                                                                  Strings
                                                                                  • Keyboard doesn't have requested key, xrefs: 6B3F503A
                                                                                  • java/lang/UnsupportedOperationException, xrefs: 6B3F503F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionName@12ObjectSingleThreadWaitmemcpy
                                                                                  • String ID: Keyboard doesn't have requested key$java/lang/UnsupportedOperationException
                                                                                  • API String ID: 3751197491-391182723
                                                                                  • Opcode ID: fa8cfef2dc0208a747846ae72b0916cb67a1cc97f4b2534355d0aa5b1d834bf7
                                                                                  • Instruction ID: e4542239e8dd4695fb4fcdba976b8a1457fd6ccfa12721bcd42fce111c2bc3aa
                                                                                  • Opcode Fuzzy Hash: fa8cfef2dc0208a747846ae72b0916cb67a1cc97f4b2534355d0aa5b1d834bf7
                                                                                  • Instruction Fuzzy Hash: 2A21C671A04158AFCB14DF64CC82FEEB778FB49314F004669E51557280DB396E10CBE1
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3C09EA
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3C0A13
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 608574450-751156914
                                                                                  • Opcode ID: 2b3ee6a34df5e41c7c49cbddd752e7f5666e9932c14222d3d5d188aeaa5ca609
                                                                                  • Instruction ID: d746077f7165d34156e204215b3230c9e5615ebe234114e6986d5de11f7b6d6b
                                                                                  • Opcode Fuzzy Hash: 2b3ee6a34df5e41c7c49cbddd752e7f5666e9932c14222d3d5d188aeaa5ca609
                                                                                  • Instruction Fuzzy Hash: 0A119E78640254EFD711EFB4C888E9E7BB8FF09309B004469F9849B240DB3DD951CBA6
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3FC3EB
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3FC414
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3FC463
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: peer
                                                                                  • API String ID: 2303478036-2733046201
                                                                                  • Opcode ID: c7480fbcd9221378daa76c165dd53eedb026a3f938ed06d81ac8e56148f760e2
                                                                                  • Instruction ID: 80fa9535101727e33ff208ca0be5446c45ca1cb02c9da96e69753dd5b9efc630
                                                                                  • Opcode Fuzzy Hash: c7480fbcd9221378daa76c165dd53eedb026a3f938ed06d81ac8e56148f760e2
                                                                                  • Instruction Fuzzy Hash: 4811A331184194BFDB02AB65CC45FEE7FBCDF0A254F144095F99497206DB35D942CBA1
                                                                                  APIs
                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,00000002,00000000,00000000,?,00000000,?,?,00000000,?,?,?,FILE:,6B3EAF1E), ref: 6B3EAE46
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6B3EAE83
                                                                                  • _wcsdup.MSVCR100 ref: 6B3EAE90
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$AllocFree_wcsdup
                                                                                  • String ID: FILE:
                                                                                  • API String ID: 1255444286-3306117909
                                                                                  • Opcode ID: 3cc52b13a1c92ed3f24c94752d2963de199f2a82de88f3560880a9092c7027f6
                                                                                  • Instruction ID: 0ec92ff39098980adee525eda0cb7e0f92570fb549c71daba253cb35b043a99a
                                                                                  • Opcode Fuzzy Hash: 3cc52b13a1c92ed3f24c94752d2963de199f2a82de88f3560880a9092c7027f6
                                                                                  • Instruction Fuzzy Hash: 6B018076A04118BFDF116BA8DC86EDE7FBDEB89744F004476FA01A2051DB368E01A6A0
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3FAD99
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B3FADFE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3854714648-751156914
                                                                                  • Opcode ID: 6f0a337b93f69535123c7ca525f4304d0ec1d9c287661e565369562d2f6539f2
                                                                                  • Instruction ID: 94c971cc8fa9c52aa303353da02eb69d92741fab1c07c3eca6667b38dcc744ac
                                                                                  • Opcode Fuzzy Hash: 6f0a337b93f69535123c7ca525f4304d0ec1d9c287661e565369562d2f6539f2
                                                                                  • Instruction Fuzzy Hash: 2B116130244550AFC712AF69CC48FDF7BBEEF8A711B0140A9F54587221D739C882CBA1
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3BEDD5
                                                                                    • Part of subcall function 6B3E928B: __EH_prolog3_catch.LIBCMT ref: 6B3E9292
                                                                                    • Part of subcall function 6B3E928B: _JNU_GetEnv@8.JAVA(00010002,0000001C,6B3BEE06,00000000,00000000,?,00000000,00000000,00000014), ref: 6B3E92A2
                                                                                    • Part of subcall function 6B3E928B: free.MSVCR100 ref: 6B3E9335
                                                                                    • Part of subcall function 6B3E928B: _wcsicmp.MSVCR100 ref: 6B3E9365
                                                                                    • Part of subcall function 6B3E928B: wcstok.MSVCR100 ref: 6B3E93F2
                                                                                  • wcslen.MSVCR100 ref: 6B3BEE3C
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3BEE58
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog3_catch$??3@Env@8_wcsicmpfreewcslenwcstok
                                                                                  • String ID: LPT1
                                                                                  • API String ID: 3086192869-322145859
                                                                                  • Opcode ID: 7954f1b1935dd353032dbb9da5aa499d235c083a425ebc29966527999a65880b
                                                                                  • Instruction ID: 183f14f97237c4d0957282a4e1f5a498210548f2a4ee559b7395c62cd258f770
                                                                                  • Opcode Fuzzy Hash: 7954f1b1935dd353032dbb9da5aa499d235c083a425ebc29966527999a65880b
                                                                                  • Instruction Fuzzy Hash: D21119B1D00219EBCF15DFA9C805CEFFBB8EF68310F10466EE511A6550DB7A4A01DBA1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3FAD0D
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B3FAD72
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8Exception@8NullPointerThrow
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 3854714648-751156914
                                                                                  • Opcode ID: 3ed9f20c1d498778450d5cf476caf9f5a741114d2721939be593b9cf2ccb67b6
                                                                                  • Instruction ID: 5811544fe4c3d68ee12c785a7a818f9f3a82133958b562c45f8a60697fbc0206
                                                                                  • Opcode Fuzzy Hash: 3ed9f20c1d498778450d5cf476caf9f5a741114d2721939be593b9cf2ccb67b6
                                                                                  • Instruction Fuzzy Hash: 09018035244550BFC716AF65CC48ECE7BBEEF8A712B0500A9F94587221C739C882CBE1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C6374
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B3C6399
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3C63E4
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                  • String ID: peer
                                                                                  • API String ID: 2303478036-2733046201
                                                                                  • Opcode ID: 5c2698b0af4413ee5fcf31a21eb95e5e57a23fd848e3f215c5ee062e5f028838
                                                                                  • Instruction ID: 1017b36d8eb6ca067e4f4da0102ad59c89c3aee5a4c10842dbcea0166914ce5f
                                                                                  • Opcode Fuzzy Hash: 5c2698b0af4413ee5fcf31a21eb95e5e57a23fd848e3f215c5ee062e5f028838
                                                                                  • Instruction Fuzzy Hash: 1401C031200150BFCB12AFA5CC45EAE3FB8EF0A354B1040A9F945CB256DB75DD51DBA1
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3C0AAB
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3C0AD4
                                                                                    • Part of subcall function 6B3F3EC0: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,?,?), ref: 6B3F3ED2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2776560734-751156914
                                                                                  • Opcode ID: c77c75c1cd6a77d8927520bb9d4d33dbaa294e07c301eb34c7dd19546b27c944
                                                                                  • Instruction ID: 48d1d086ebe40813a606b37a1d6aa2c8a70934a2be4cb2844c9206a369192386
                                                                                  • Opcode Fuzzy Hash: c77c75c1cd6a77d8927520bb9d4d33dbaa294e07c301eb34c7dd19546b27c944
                                                                                  • Instruction Fuzzy Hash: 85118279640244EFCB22EFA4C848F9F3BB5EF45708F104095F95467210CB39CA11CB66
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E4AE8
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3E4B11
                                                                                    • Part of subcall function 6B3F3EC0: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,?,?), ref: 6B3F3ED2
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2776560734-751156914
                                                                                  • Opcode ID: 58ae5f505088013a14e1e4a4061faf5f8b7c9226f5f58864d843253dc6222fba
                                                                                  • Instruction ID: 3e7f4023d3016c41995079f466b6d19815ba0cb0371309bcb82fc2b52ddfc613
                                                                                  • Opcode Fuzzy Hash: 58ae5f505088013a14e1e4a4061faf5f8b7c9226f5f58864d843253dc6222fba
                                                                                  • Instruction Fuzzy Hash: 7E11A534640111FBDB22AF64C808F9E3BB9EF49708F144096F99557351CB398652CB71
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3C2D7A
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3C2DA3
                                                                                    • Part of subcall function 6B3F3EC0: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,?,?), ref: 6B3F3ED2
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2776560734-751156914
                                                                                  • Opcode ID: f424c9717a102a2a340f64e263455305ece8580f750bb45289e34897d5220347
                                                                                  • Instruction ID: 3719c6a7649aeeae57bf8c05d9afa517abb25aaa096c02e616d0d21f8ecde0fa
                                                                                  • Opcode Fuzzy Hash: f424c9717a102a2a340f64e263455305ece8580f750bb45289e34897d5220347
                                                                                  • Instruction Fuzzy Hash: C9117C34650100EBCB22AFA8CD48F9E3BB5EF56309F1140A8F95466210CB3A8A46CB62
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E439A
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3E43C3
                                                                                    • Part of subcall function 6B3F3EC0: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,?,?), ref: 6B3F3ED2
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2776560734-751156914
                                                                                  • Opcode ID: 0e97f13adc74e9c39409c416be9585a57686105b9b58805646a061322978d9c8
                                                                                  • Instruction ID: 4f3580961c1ac8685473e566d20a7df43ae758371e5ade26715ae53209ccd4ac
                                                                                  • Opcode Fuzzy Hash: 0e97f13adc74e9c39409c416be9585a57686105b9b58805646a061322978d9c8
                                                                                  • Instruction Fuzzy Hash: 1511A534A40114FBDB22AF64C808F9E3BB5EF49709F158096F94467250CB398652DB71
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E621C
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3E6244
                                                                                    • Part of subcall function 6B3F3EC0: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,?,?), ref: 6B3F3ED2
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2776560734-751156914
                                                                                  • Opcode ID: 7182a73fe8fa7313302b49af8289af4c056d4fa2c9e177b3311fb83c495d372b
                                                                                  • Instruction ID: 1374bf3da4f43857f34ecd6331e3c67f2efa29b896083dfb94db6b27dfff849a
                                                                                  • Opcode Fuzzy Hash: 7182a73fe8fa7313302b49af8289af4c056d4fa2c9e177b3311fb83c495d372b
                                                                                  • Instruction Fuzzy Hash: 87118E34A40114EFCB22AFA4CC48DAE7BB6FF55304B1444ABFA5466210CB3AC612DB72
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E2A1B
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3E2A44
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 608574450-751156914
                                                                                  • Opcode ID: b06ba6a3dd5b92194fc7bce78f61f4545515a2f0495981d8ac95a633c43d7d60
                                                                                  • Instruction ID: 66d348b00cc4557a597a989649858d1f9c5b5a8d55c537d8ccef676c0c66f485
                                                                                  • Opcode Fuzzy Hash: b06ba6a3dd5b92194fc7bce78f61f4545515a2f0495981d8ac95a633c43d7d60
                                                                                  • Instruction Fuzzy Hash: 2D01C034640161ABDB359FA48D09EBE3BB9EF86704F00005AF9415B250DF3CC552C7B2
                                                                                  APIs
                                                                                  • _SurfaceData_ThrowInvalidPipeException@8.AWT(?,bounds changed), ref: 6B37E9FE
                                                                                  • TlsGetValue.KERNEL32(FFFFFFFF), ref: 6B37EA0F
                                                                                  • _GDIWinSD_InitDC@32.AWT(?,?,00000000,?,?,?,?,?), ref: 6B37EA37
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: C@32Data_Exception@8InitInvalidPipeSurfaceThrowValue
                                                                                  • String ID: bounds changed
                                                                                  • API String ID: 682632226-4245400890
                                                                                  • Opcode ID: c19b8a308f2984125aaa46a216879d9a8d970cc13b4ca47461e99060ddc56288
                                                                                  • Instruction ID: a94f9bcb04492d727367e5949b4abd9ee6be8086928a3c0ddbac6fc93b053ca1
                                                                                  • Opcode Fuzzy Hash: c19b8a308f2984125aaa46a216879d9a8d970cc13b4ca47461e99060ddc56288
                                                                                  • Instruction Fuzzy Hash: AE018F72619210AF8750EB68E844C9B77FCEFCD214B0449ADF59493200D33AEC468BA5
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C6DB9
                                                                                  • JNU_NewObjectByName.JAVA(00000000,sun/awt/UngrabEvent,(Ljava/awt/Component;)V,00000000,00000000,00010002), ref: 6B3C6DD6
                                                                                    • Part of subcall function 6B3FF4F1: _JNU_IsInstanceOfByName@12.JAVA(?,00000000,java/lang/OutOfMemoryError,?,00000000,?,6B3DB43B,00000000,6C3E5A58,00010002,00000000,6B3E8959,00000004,6B3E8A0F,?,?), ref: 6B3FF512
                                                                                    • Part of subcall function 6B3FF4F1: _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3FF537
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8ExceptionInstanceNameName@12ObjectThrow
                                                                                  • String ID: (Ljava/awt/Component;)V$sun/awt/UngrabEvent
                                                                                  • API String ID: 4045150742-3140849881
                                                                                  • Opcode ID: 7be452d319b3d08fb4ed91fc30c436deefd64e387131f70e485a9c826af13dae
                                                                                  • Instruction ID: 8ccee7718684c59a215f93b217ec4fe00824bc43423956508e7301d4efe5498b
                                                                                  • Opcode Fuzzy Hash: 7be452d319b3d08fb4ed91fc30c436deefd64e387131f70e485a9c826af13dae
                                                                                  • Instruction Fuzzy Hash: 25F044317015647FC711ABB98C45EBF7BADDF8A155311046AFD4187203EB2EDC418AB1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3C4D18
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8
                                                                                  • String ID: ()V$inquireCandidatePosition$sun/awt/windows/WInputMethod
                                                                                  • API String ID: 97469293-1914844607
                                                                                  • Opcode ID: 68e86cf9ef2a699e530da0eb7f2bbd13a79c5694463f711dcb97d3ac19279223
                                                                                  • Instruction ID: 4282f7ec9ea810d7a6eb22d9f09b85f5cbf59f9047b8f7461b5da1668eb0ebd4
                                                                                  • Opcode Fuzzy Hash: 68e86cf9ef2a699e530da0eb7f2bbd13a79c5694463f711dcb97d3ac19279223
                                                                                  • Instruction Fuzzy Hash: AC018F36601540AFDB22BFA5CC49E5BBBB8EF8A6497000065FD40C7215E779CC54DFA2
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E6182
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3E61AC
                                                                                    • Part of subcall function 6B3E8288: _JNU_GetEnv@8.JAVA(00010002,?), ref: 6B3E82A7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2776560734-751156914
                                                                                  • Opcode ID: e0d79603efe84646f7f351bb71ef837d2f20e94783231fdc7c4a99c648e0c9c6
                                                                                  • Instruction ID: 3e90e7cafb1e2b86f7ec15b24d46cd1d559ca1524729aff2b462ee12d885f17e
                                                                                  • Opcode Fuzzy Hash: e0d79603efe84646f7f351bb71ef837d2f20e94783231fdc7c4a99c648e0c9c6
                                                                                  • Instruction Fuzzy Hash: 9C018475A40154FFD712AF648C85EAE7B79AF45308B05046AFA4057201CB3989428BB1
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E60EA
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3E6114
                                                                                    • Part of subcall function 6B3E8288: _JNU_GetEnv@8.JAVA(00010002,?), ref: 6B3E82A7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2776560734-751156914
                                                                                  • Opcode ID: 407181a2c3abdfdcf8c980e78fbb8b9f1fed85cd240486fcbf936d85b79c648f
                                                                                  • Instruction ID: bee63112c67931306ab221b57cb456b413b95a1125ccff423966fd8738a04ff4
                                                                                  • Opcode Fuzzy Hash: 407181a2c3abdfdcf8c980e78fbb8b9f1fed85cd240486fcbf936d85b79c648f
                                                                                  • Instruction Fuzzy Hash: 4301A774A40114BFD722AF648C85EAE7B78EF4530CF04046BF64057241CB3D9A428771
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E67A7
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3E67D1
                                                                                    • Part of subcall function 6B3E8288: _JNU_GetEnv@8.JAVA(00010002,?), ref: 6B3E82A7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 2776560734-751156914
                                                                                  • Opcode ID: 7494a990e26ede5492e30337e5c513f86839de66fae0694b475ea6928057a4e9
                                                                                  • Instruction ID: 4239a2015e433f908e9b0ab28a4740f0e806ac0064668dd4413e28533d13052c
                                                                                  • Opcode Fuzzy Hash: 7494a990e26ede5492e30337e5c513f86839de66fae0694b475ea6928057a4e9
                                                                                  • Instruction Fuzzy Hash: E501F738A44124FFD711AF608D84EAE3B79FF06308F0404ABFA4067201CB3D89028BB1
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_DestroyOGLContext: context is null,6B3BD51F), ref: 6B3BCB3D
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • free.MSVCR100 ref: 6B3BCB95
                                                                                  • free.MSVCR100 ref: 6B3BCB9B
                                                                                  Strings
                                                                                  • WGLGC_DestroyOGLContext: context is null, xrefs: 6B3BCB34
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Tracefprintffree$ImplInit@0fflushvfprintf
                                                                                  • String ID: WGLGC_DestroyOGLContext: context is null
                                                                                  • API String ID: 3805858621-1708994239
                                                                                  • Opcode ID: 381f169303ddc5ee8f88bcde705a7d49245f15f0bae53265a0fac47a316d3127
                                                                                  • Instruction ID: 7e7dc9cd638d68c5d05e72cf0d72720c78ad7889e3aed4048a7915392af3ef53
                                                                                  • Opcode Fuzzy Hash: 381f169303ddc5ee8f88bcde705a7d49245f15f0bae53265a0fac47a316d3127
                                                                                  • Instruction Fuzzy Hash: 1CF02874B412006BEA30FB309C85F6B73A8EF41B15F000058FD1A93644DB3EE450DA72
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3FA155
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B3FA17D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: null pData$peer
                                                                                  • API String ID: 608574450-751156914
                                                                                  • Opcode ID: 9995fe62dcc63edb7956c256642a43993cd786522fc1bdd46dc5efa2c69c7730
                                                                                  • Instruction ID: 709ebdcfc2702d5c48c81b59bd853593126924596debafd7e4529672f99afb57
                                                                                  • Opcode Fuzzy Hash: 9995fe62dcc63edb7956c256642a43993cd786522fc1bdd46dc5efa2c69c7730
                                                                                  • Instruction Fuzzy Hash: 3E017134645154FBCB12AF648E48D9E3F79FF8A718B110154F59067190CB398A12DB62
                                                                                  APIs
                                                                                  • ?BeginScene@D3DContext@@QAEJC@Z.AWT(00000001), ref: 6B36AFDF
                                                                                  • ?DrawPoly@D3DVertexCacher@@QAEJJEJJPAJ0@Z.AWT(?,?,?,?,?,?,00000001), ref: 6B36AFFD
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRenderer_DrawPoly: d3dc, xPoints or yPoints is NULL), ref: 6B36B00F
                                                                                  Strings
                                                                                  • D3DRenderer_DrawPoly: d3dc, xPoints or yPoints is NULL, xrefs: 6B36B006
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: BeginCacher@@Context@@DrawImplPoly@Scene@TraceVertex
                                                                                  • String ID: D3DRenderer_DrawPoly: d3dc, xPoints or yPoints is NULL
                                                                                  • API String ID: 556309797-2745615370
                                                                                  • Opcode ID: 84f83b27b41706a81c28fad15e4379adda70320d45da48e23a4af00bc32606c6
                                                                                  • Instruction ID: 4cb8b8a8fca3b379c28c91f91e116ad2f4d584208f1f04a0666ec09a0c1c3a17
                                                                                  • Opcode Fuzzy Hash: 84f83b27b41706a81c28fad15e4379adda70320d45da48e23a4af00bc32606c6
                                                                                  • Instruction Fuzzy Hash: 23F096737043106BD210C94898C1F5B73EDAFC8B94F00051DF6986B244E77ADC454BA1
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3E6E2F
                                                                                    • Part of subcall function 6B3E81E0: _JNU_GetEnv@8.JAVA(00010002,00000010,6B3C07BE,?,handlePaint,(IIII)V,?,00000010,?,00000010), ref: 6B3E81EC
                                                                                    • Part of subcall function 6B3E81E0: _JNU_CallMethodByNameV@24.JAVA(00000000,00000000,?,?,?,?,00010002,00000010,6B3C07BE,?,handlePaint,(IIII)V,?,00000010,?,00000010), ref: 6B3E8215
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8$CallMethodNameV@24
                                                                                  • String ID: (JI)V$(Z)V$handleAction
                                                                                  • API String ID: 3494409289-1820172317
                                                                                  • Opcode ID: 7f973f48b585dba71d6a9f188c7924a079f6cf9b663e533eb1252ef9aa7e8b63
                                                                                  • Instruction ID: 8665a2a42ff522916053d77667d5d1de0ec02e81cec07c1b992b1f3cae7ed85e
                                                                                  • Opcode Fuzzy Hash: 7f973f48b585dba71d6a9f188c7924a079f6cf9b663e533eb1252ef9aa7e8b63
                                                                                  • Instruction Fuzzy Hash: 72F08279A55A207AD521B774AC46FB7365CEF44218F00044AF851A2246DB2E989286B2
                                                                                  APIs
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B3A6236
                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B3A624E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                  • String ID: bad path delivery sequence$private data
                                                                                  • API String ID: 1693744675-3477165930
                                                                                  • Opcode ID: fd672b93d88ce776024c058c89507ab5520a325af9ee470df4dbc892ca156bb1
                                                                                  • Instruction ID: 7a36f1da9f016c2fb63064ae691374ffa366fe54004e262c4567c855420f54b8
                                                                                  • Opcode Fuzzy Hash: fd672b93d88ce776024c058c89507ab5520a325af9ee470df4dbc892ca156bb1
                                                                                  • Instruction Fuzzy Hash: 94F08CB56182119FC304DF18D560E9B7BE0AFD9314F11859EF4845B322C738D986CBE1
                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(?,?,00000000,6B3F8278,?,?,00010002), ref: 6B3F818F
                                                                                  • wcsncpy.MSVCR100 ref: 6B3F81A4
                                                                                  Strings
                                                                                  • l:@k):@kb:@kX:@kN:@kD:@k, xrefs: 6B3F81CA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: lstrlenwcsncpy
                                                                                  • String ID: l:@k):@kb:@kX:@kN:@kD:@k
                                                                                  • API String ID: 1739782341-3294335257
                                                                                  • Opcode ID: 0fceca1c4eb56e4e352f529d9d06fa554c9e29ddd3aa2e078115b9d207e836e7
                                                                                  • Instruction ID: d9026c6ce3dd07a12228559789c940acf9f78c331133a94e3352cda7e6c0241b
                                                                                  • Opcode Fuzzy Hash: 0fceca1c4eb56e4e352f529d9d06fa554c9e29ddd3aa2e078115b9d207e836e7
                                                                                  • Instruction Fuzzy Hash: DBF08275654210FBC7A467398C0D99777FCEF87711F00092EF94AD2241E63995158371
                                                                                  APIs
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B3A6386
                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B3A63A3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                  • String ID: bad path delivery sequence$private data
                                                                                  • API String ID: 1693744675-3477165930
                                                                                  • Opcode ID: f99080dc7ee476b2d84fdbe8b45d7068fd39969c2374be45b7682e97a4addc26
                                                                                  • Instruction ID: 151c970eff28436890053586be22febbb2c50a5b75a3226847a707742c38dd7c
                                                                                  • Opcode Fuzzy Hash: f99080dc7ee476b2d84fdbe8b45d7068fd39969c2374be45b7682e97a4addc26
                                                                                  • Instruction Fuzzy Hash: 66F0A0377281102BA340FB689811EE777A6DFD5314F05C46AF18093164CB28E94286B1
                                                                                  APIs
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B3A62A6
                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B3A62BF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                  • String ID: bad path delivery sequence$private data
                                                                                  • API String ID: 1693744675-3477165930
                                                                                  • Opcode ID: 19b3b4cd17b7c04ae29ec16cab0f565c6de13670041ce77bd052e2d1b6d9d903
                                                                                  • Instruction ID: 6c4cf3914016ad8a6e1756d6405d878079b9d40b4e19aa2f0220d5e9ee1b872c
                                                                                  • Opcode Fuzzy Hash: 19b3b4cd17b7c04ae29ec16cab0f565c6de13670041ce77bd052e2d1b6d9d903
                                                                                  • Instruction Fuzzy Hash: 36F0EC322882A0AFC300DB28C821FDB3BA49FA6308F05448EF18047222C37DC981C7E2
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,?,00000000,6B3C580E,00000000), ref: 6B3E8249
                                                                                  • JNU_CallMethodByName.JAVA(00000000,00000000,?,postEvent,(Ljava/awt/AWTEvent;)V,00000000,00010002,?,00000000,6B3C580E,00000000), ref: 6B3E8264
                                                                                    • Part of subcall function 6B3FF4F1: _JNU_IsInstanceOfByName@12.JAVA(?,00000000,java/lang/OutOfMemoryError,?,00000000,?,6B3DB43B,00000000,6C3E5A58,00010002,00000000,6B3E8959,00000004,6B3E8A0F,?,?), ref: 6B3FF512
                                                                                    • Part of subcall function 6B3FF4F1: _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3FF537
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallEnv@8ExceptionInstanceMethodNameName@12Throw
                                                                                  • String ID: (Ljava/awt/AWTEvent;)V$postEvent
                                                                                  • API String ID: 2443027089-4114778031
                                                                                  • Opcode ID: bfa48089dd815e3b8caefb4b62fee0a193a3106a307c3e0c2ed6938abfdcf667
                                                                                  • Instruction ID: f31c98cfcd6623c57e94b49a24cee1ae95c4effcdaf0722d8e84cc621115d04e
                                                                                  • Opcode Fuzzy Hash: bfa48089dd815e3b8caefb4b62fee0a193a3106a307c3e0c2ed6938abfdcf667
                                                                                  • Instruction Fuzzy Hash: 79E09231601520BFD7216B20CC05F9FBF69EF89218F10445AFD4052251DB3D8812DAF5
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E425C
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                  • String ID: Ljava/lang/String;$alignment$text
                                                                                  • API String ID: 2376344244-2957038647
                                                                                  • Opcode ID: d34a6f8695388a81371cdede0ed5747b79ce77d07169c53d56e54e082170c22c
                                                                                  • Instruction ID: 3641a213e98271b9390d4fc6a4a2a5b961680a62003252484c9496274248f4fc
                                                                                  • Opcode Fuzzy Hash: d34a6f8695388a81371cdede0ed5747b79ce77d07169c53d56e54e082170c22c
                                                                                  • Instruction Fuzzy Hash: 4CF03079A84610EBDF10AFB08848E9D37B4EF08359F0081A5F9895B240DF3D8541DB62
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3C098A
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                  • String ID: Ljava/lang/String;$java/awt/Button$label
                                                                                  • API String ID: 2376344244-3340982351
                                                                                  • Opcode ID: 0d5e241b52e55f8d6fff17414024a77ceb18f170eb718e20b6311533b1f3a086
                                                                                  • Instruction ID: f0e645ec5cc4cc866f6ea0a539aeef26c38e7f5f197d9577eeeb889380ad2450
                                                                                  • Opcode Fuzzy Hash: 0d5e241b52e55f8d6fff17414024a77ceb18f170eb718e20b6311533b1f3a086
                                                                                  • Instruction Fuzzy Hash: A3E04874E451509BD710EF70C845F5D3774AF1534AF144458E8856B140CF3D9942CBB6
                                                                                  APIs
                                                                                  • JNU_CallStaticMethodByName.JAVA(?,00000000,sun/java2d/d3d/D3DSurfaceData,dispose,(J)V,?), ref: 6B36C7A1
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CallMethodNameStatic
                                                                                  • String ID: (J)V$dispose$sun/java2d/d3d/D3DSurfaceData
                                                                                  • API String ID: 284522041-151686029
                                                                                  • Opcode ID: 53ee5a224f260e03942971152a6e2c09ed4ff0945ef44aeb36a4d0eb965da0aa
                                                                                  • Instruction ID: 398cde9e1b48eef87d89f1a96a0e4f257e4c9abd1722f42bab01dc3e2c3bd5af
                                                                                  • Opcode Fuzzy Hash: 53ee5a224f260e03942971152a6e2c09ed4ff0945ef44aeb36a4d0eb965da0aa
                                                                                  • Instruction Fuzzy Hash: C6D012B9A086503EE50096688C45F26239C9FC456CF80C4587154F2040D62EE4048139
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2d74a4fb8b60fcea880aa2b4eb92b3fcfee058f09f3c5e9c59057da9886952fb
                                                                                  • Instruction ID: 5071707f49408e978c9ee557476ec7c7d6ad760e37a7712151f766fc0d4a860d
                                                                                  • Opcode Fuzzy Hash: 2d74a4fb8b60fcea880aa2b4eb92b3fcfee058f09f3c5e9c59057da9886952fb
                                                                                  • Instruction Fuzzy Hash: 2002F772A19340EBD7917E50D24929ABFB4FF81790FA15C48F4C9610ADFB3288749F86
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: ceilfloor
                                                                                  • String ID:
                                                                                  • API String ID: 43245620-0
                                                                                  • Opcode ID: 6332f62b0fe81db8030f70165632ebd3dc6845e332ebf0dcef89077ad4980494
                                                                                  • Instruction ID: 552021544c848d4891e4ebc64bdd27ae697156f93da9a542ac27d5c0424c1cf3
                                                                                  • Opcode Fuzzy Hash: 6332f62b0fe81db8030f70165632ebd3dc6845e332ebf0dcef89077ad4980494
                                                                                  • Instruction Fuzzy Hash: 7AB1F372A1A300EBD7417F64D24919ABFB0FF81790FA14D48F4D5611ADEB3288749F86
                                                                                  APIs
                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 6B3E4EC2
                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000040,6B3F7074,?), ref: 6B3E4EE3
                                                                                  Similarity
                                                                                  • API ID: Env@8H_prolog3_catch_
                                                                                  • String ID:
                                                                                  • API String ID: 768342862-0
                                                                                  • Opcode ID: f825ed68403d815c82f9451f842add531be0b3ce09cf3c314846a455a65b3af4
                                                                                  • Instruction ID: db15fcd5c11e928db415510f6c5c739da28bc61b3ffe4c7506abfa08ebf3944a
                                                                                  • Opcode Fuzzy Hash: f825ed68403d815c82f9451f842add531be0b3ce09cf3c314846a455a65b3af4
                                                                                  • Instruction Fuzzy Hash: A5713371A00218AFDF15DFB8CC85EAEBBB9FF0C724F10451AF155A62A0DB759952CB20
                                                                                  APIs
                                                                                  • GlobalLock.KERNEL32(?), ref: 6B3EEA92
                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B3EEAAF
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B3EEB82
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 6B3EEBDC
                                                                                  Similarity
                                                                                  • API ID: Global$LockUnlock
                                                                                  • String ID:
                                                                                  • API String ID: 2502338518-0
                                                                                  • Opcode ID: 48911a0328b97734a39842881c676e0b8e8401741ea203b0c123b68a5eb16f0a
                                                                                  • Instruction ID: 39490a6a91ed79d11356e294b1d46c47b34f7f8602831fd1cbd7b9fd82284e6c
                                                                                  • Opcode Fuzzy Hash: 48911a0328b97734a39842881c676e0b8e8401741ea203b0c123b68a5eb16f0a
                                                                                  • Instruction Fuzzy Hash: 4471A170A04A19EBCB14AF78D8856AEBFB4FF08304F1184AFE4C492210DB369925CB61
                                                                                  APIs
                                                                                  • ?UpdateState@D3DContext@@QAEJC@Z.AWT(00000020,?,00000001,?,?), ref: 6B36226F
                                                                                  • _SurfaceData_IntersectBoundsXYXY@20.AWT(?,00000000,00000000,00000000,00000002,00000020,?,00000001,?,?), ref: 6B3622FC
                                                                                  • ?GetClipType@D3DContext@@QAE?AW4ClipType@@XZ.AWT(?,00000000,00000000,00000000,00000002,00000020,?,00000001,?,?), ref: 6B362303
                                                                                  • _SurfaceData_IntersectBoundsXYXY@20.AWT(?,?,?,?,?,?,00000001,?,?), ref: 6B36233A
                                                                                  Similarity
                                                                                  • API ID: BoundsClipContext@@Data_IntersectSurfaceY@20$State@Type@Type@@Update
                                                                                  • String ID:
                                                                                  • API String ID: 1317578984-0
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E2AC6
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • wcslen.MSVCR100 ref: 6B3E2B22
                                                                                  • free.MSVCR100 ref: 6B3E2B3B
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3E2B5C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionThrow$CreateCurrentEnv@8EventH_prolog3_catchObjectSingleThreadWaitfreewcslen
                                                                                  • String ID:
                                                                                  • API String ID: 3923742239-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Version$LibraryLoadSystem
                                                                                  • String ID:
                                                                                  • API String ID: 58072918-0
                                                                                  APIs
                                                                                  • getEncodingFromLangID.JAVA(?,00000000,?,00000000,?,6B3C381F,?,00000000), ref: 6B3CC3B1
                                                                                  • strlen.MSVCR100 ref: 6B3CC3B9
                                                                                  • _CxxThrowException.MSVCR100(?,6B429388), ref: 6B3CC3E9
                                                                                  • free.MSVCR100 ref: 6B3CC3FF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: EncodingExceptionFromLangThrowfreestrlen
                                                                                  • String ID:
                                                                                  • API String ID: 4163818016-0
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3EAFA3
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _control87.MSVCR100 ref: 6B3EAFD3
                                                                                  • _control87.MSVCR100 ref: 6B3EAFE4
                                                                                  • _control87.MSVCR100 ref: 6B3EAFEF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: _control87$CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                  • String ID:
                                                                                  • API String ID: 295899318-0
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3ECE0D
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B3ECE35
                                                                                  • wcslen.MSVCR100 ref: 6B3ECE45
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 6B3ECE61
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$CreateCurrentEnv@8EventExceptionH_prolog3_catchLockObjectSingleThreadThrowUnlockWaitwcslen
                                                                                  • String ID:
                                                                                  • API String ID: 1282198705-0
                                                                                  APIs
                                                                                  • __EH_prolog3.LIBCMT ref: 6B3C8A2C
                                                                                    • Part of subcall function 6B37F846: __EH_prolog3.LIBCMT ref: 6B37F84D
                                                                                    • Part of subcall function 6B404232: __onexit.MSVCRT ref: 6B40423A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog3$__onexit
                                                                                  • String ID: Dead Key Flags$VKEY translations
                                                                                  • API String ID: 896046064-1120667548
                                                                                  APIs
                                                                                    • Part of subcall function 6B3AB3AE: malloc.MSVCR100 ref: 6B3AB3B6
                                                                                    • Part of subcall function 6B3AB3AE: _SurfaceData_SetOps@12.AWT(?,?,00000000,?,6B354C2A,?,?,0000004C), ref: 6B3AB3C7
                                                                                    • Part of subcall function 6B3AB3AE: memset.MSVCR100 ref: 6B3AB3D6
                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,Initialization of SurfaceData failed.), ref: 6B354C39
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Data_Error@8MemoryOps@12SurfaceThrowmallocmemset
                                                                                  • String ID: %I5k$Initialization of SurfaceData failed.
                                                                                  • API String ID: 1070255670-2396334545
                                                                                  • Opcode ID: 60726980dae30d7e8acee5a6854c33cea993ed50050ec7738cce3073b6c96500
                                                                                  • Instruction ID: 6e82c4e03ae04feb1179bc8f4271f115ad2372e10e303e51d05f6e69949bd071
                                                                                  • Opcode Fuzzy Hash: 60726980dae30d7e8acee5a6854c33cea993ed50050ec7738cce3073b6c96500
                                                                                  • Instruction Fuzzy Hash: 923127B5600705AFC761DF29D9C4EAABBF8FF49710B10446EF88AC7604E739A4618F60
                                                                                  APIs
                                                                                  Strings
                                                                                  • Error:%08x in CoCreateInstance( CLSID_DragDropHelper, NULL, CLSCTX_ALL, IID_IDragSourceHelper, (LPVOID*)&pHelper), xrefs: 6B3D0DAD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog3_catch_com_raise_error
                                                                                  • String ID: Error:%08x in CoCreateInstance( CLSID_DragDropHelper, NULL, CLSCTX_ALL, IID_IDragSourceHelper, (LPVOID*)&pHelper)
                                                                                  • API String ID: 126908072-3748714036
                                                                                  • Opcode ID: 4dcbbe81c658b5f66d6a78c9ccd6545e350d7eee03da1082fb16da304d91b9bd
                                                                                  • Instruction ID: 3e9e61881b98331759db63039d4427494641f6d9ab4146f0c396e04b8d8bb41d
                                                                                  • Opcode Fuzzy Hash: 4dcbbe81c658b5f66d6a78c9ccd6545e350d7eee03da1082fb16da304d91b9bd
                                                                                  • Instruction Fuzzy Hash: B0311675A01249AFCF01EFB4C849EDEBBB4EF49314F108059F854AB250DB389A02DF65
                                                                                  APIs
                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 6B3FA093
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                    • Part of subcall function 6B3F9D2C: __EH_prolog3.LIBCMT ref: 6B3F9D33
                                                                                  • _Java_sun_awt_Win32GraphicsDevice_isPixFmtSupported@16.AWT(?,?,00000000,?), ref: 6B3FA125
                                                                                    • Part of subcall function 6B3F9FFD: __EH_prolog3_catch_GS.LIBCMT ref: 6B3FA004
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog3_catch_$CreateCurrentDevice_isEnv@8EventExceptionGraphicsH_prolog3Java_sun_awt_ObjectSingleSupported@16ThreadThrowWaitWin32
                                                                                  • String ID: f4@k\4@kR4@kH4@k
                                                                                  • API String ID: 1305225777-1949515203
                                                                                  • Opcode ID: 5f34e7ddb9c24446fb153945b7744791d9530f63dedffb1db2598dfb43a1123b
                                                                                  • Instruction ID: 2b0222b7a99c3e1065ac4f0c8b6aa375c85eeefce0bee9dcc8135f55a4ebec85
                                                                                  • Opcode Fuzzy Hash: 5f34e7ddb9c24446fb153945b7744791d9530f63dedffb1db2598dfb43a1123b
                                                                                  • Instruction Fuzzy Hash: 0B111971E00218ABDF10AFB9D885A9EBBB9FF0D344F51506EF514E7210CB794942DB60
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,300AB9ED,?,?,6B44E4B8,00000000,6B407CB8,000000FF,6B3C74D0,6B3C5E40,00000000), ref: 6B3F4090
                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6B3F4095
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CurrentEnv@8Thread
                                                                                  • String ID: XZ>l
                                                                                  • API String ID: 1424411177-1259824441
                                                                                  • Opcode ID: 637fb62457a7326ffd8050e7e3063013231e1352f72628bb10dbeff6803e74a1
                                                                                  • Instruction ID: 299d1c3e9429bdf8643bb8907a97d8d2dfdbf2b822e52c811c8a7c484065b035
                                                                                  • Opcode Fuzzy Hash: 637fb62457a7326ffd8050e7e3063013231e1352f72628bb10dbeff6803e74a1
                                                                                  • Instruction Fuzzy Hash: DA115B726087509FD344DF1DC841B5AB7E8FB88724F004A2EF4A983380DB35E904CBA2
                                                                                  APIs
                                                                                  • memset.MSVCR100 ref: 6B36AE7C
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRenderQueue_flushBuffer: cannot get direct buffer address), ref: 6B36AE98
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  Strings
                                                                                  • D3DRenderQueue_flushBuffer: cannot get direct buffer address, xrefs: 6B36AE8F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Tracefprintf$ImplInit@0fflushmemsetvfprintf
                                                                                  • String ID: D3DRenderQueue_flushBuffer: cannot get direct buffer address
                                                                                  • API String ID: 3389570045-1475403500
                                                                                  • Opcode ID: 8fc7a4ed5d97135c15e109d9ff5bf23707b087275e136c8a383b24371f5322be
                                                                                  • Instruction ID: 431015869c6200c8a645f60be101379b50c2b798f7c57167b608bb9c287e829d
                                                                                  • Opcode Fuzzy Hash: 8fc7a4ed5d97135c15e109d9ff5bf23707b087275e136c8a383b24371f5322be
                                                                                  • Instruction Fuzzy Hash: 14118E75608211AFD300EB69DD81F5B73E8AF89744F00896CF58497244F779DA18CBA2
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3D8179
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                    • Part of subcall function 6B404232: __onexit.MSVCRT ref: 6B40423A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait__onexit
                                                                                  • String ID: Dk$Dk
                                                                                  • API String ID: 2536595423-2118728901
                                                                                  • Opcode ID: a7384787cabc66c5be4ec36fe882f2065a6183acb69278b77c18ca2df94c141a
                                                                                  • Instruction ID: 2c1737223c20e7342cf0501b60443e4988361ff5a32cca31977ecfda60d6cb92
                                                                                  • Opcode Fuzzy Hash: a7384787cabc66c5be4ec36fe882f2065a6183acb69278b77c18ca2df94c141a
                                                                                  • Instruction Fuzzy Hash: E111A035740601EBDB15EF78C849FAD3BB5AF4A348F1440A8F8459B291CF39DA41DB62
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,300AB9ED,?,6B44E4B8,00000000,6B407D28,000000FF,6B3C0A8C,6B3C0872,00000000), ref: 6B3F414F
                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6B3F4154
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CurrentEnv@8Thread
                                                                                  • String ID: XZ>l
                                                                                  • API String ID: 1424411177-1259824441
                                                                                  • Opcode ID: 386751af10d86b36f966c7b0a5090585bd2c762264e816845d61fc2deb38b03f
                                                                                  • Instruction ID: edb8b4aeb8618944154e6d05379df711e21db718851f0ccd103f46a478d78201
                                                                                  • Opcode Fuzzy Hash: 386751af10d86b36f966c7b0a5090585bd2c762264e816845d61fc2deb38b03f
                                                                                  • Instruction Fuzzy Hash: D5114C715186509FD344EF18C881B5AB7E4FF8C714F008A2EF49A83380DB39E914CB92
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,300AB9ED,?,?,6B44E4B8,00000000,6B407CB8,000000FF,6B3E3A7E,?,?,6B3E3B16,6B3C8F7F,00000004), ref: 6B3F4200
                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6B3F4205
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CurrentEnv@8Thread
                                                                                  • String ID: XZ>l
                                                                                  • API String ID: 1424411177-1259824441
                                                                                  • Opcode ID: 4ddfc1088c0551c0d01c7b133960464b0828235c49d374a4d405192e1d8aa242
                                                                                  • Instruction ID: f2204d7b5e26566af0dd6a154873e9dd61e7930a4ac89995984d7af0b1e0bf2f
                                                                                  • Opcode Fuzzy Hash: 4ddfc1088c0551c0d01c7b133960464b0828235c49d374a4d405192e1d8aa242
                                                                                  • Instruction Fuzzy Hash: 9A1130766087519FD354DF1CC845B5AB7E4FB89720F104A2EF4A9C3380DB399904CBA2
                                                                                  APIs
                                                                                  • FormatMessageA.KERNEL32(00001000,00000000,?,00000000,?,00000400,00000000,00000000,?), ref: 6ADD106F
                                                                                  • strcpy.MSVCR100(00000000,Unknown error), ref: 6ADD1085
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371186328.000000006ADD1000.00000020.00000001.01000000.00000018.sdmp, Offset: 6ADD0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371148872.000000006ADD0000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371227574.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
                                                                                  • Associated: 00000004.00000002.2371263832.000000006ADD7000.00000002.00000001.01000000.00000018.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6add0000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: FormatMessagestrcpy
                                                                                  • String ID: Unknown error
                                                                                  • API String ID: 3877526160-83687255
                                                                                  • Opcode ID: 71ac4949de9d7198bbeb0f40fe770e31c07f140a6b3c4e20fbd55462b2b441e3
                                                                                  • Instruction ID: fe5ffe8dee3feebc4fa5acc2b77c57030732e8e865a0df0058717d8958208014
                                                                                  • Opcode Fuzzy Hash: 71ac4949de9d7198bbeb0f40fe770e31c07f140a6b3c4e20fbd55462b2b441e3
                                                                                  • Instruction Fuzzy Hash: 8E0171B5640208AFEB10EF64DC05FAA77BCEF85714F114099F705E7191DB70AA458B68
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3D0ECA
                                                                                  • CloseHandle.KERNEL32(?,00010002), ref: 6B3D0EFC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseEnv@8Handle
                                                                                  • String ID: X$Bk
                                                                                  • API String ID: 4281811826-144081722
                                                                                  • Opcode ID: c8d25d61388392040a046d27f81463b9b76561ef69211ad09ba5e353effcabdf
                                                                                  • Instruction ID: 51cbe5825680f89c3b872dddec1d1a83c5d2cca5e39aa46934a0876c83989d3e
                                                                                  • Opcode Fuzzy Hash: c8d25d61388392040a046d27f81463b9b76561ef69211ad09ba5e353effcabdf
                                                                                  • Instruction Fuzzy Hash: 2F11C235201A01DFC725DF98CA88D5ABBF5FF49B00341849DE8968B722DB75E890DF00
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3FCD07
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,raster data), ref: 6B3FCD41
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Exception@8H_prolog3_catchNullPointerThrow
                                                                                  • String ID: raster data
                                                                                  • API String ID: 3197484656-3234502937
                                                                                  • Opcode ID: 87f88452bed19ca126d22e03e4b4a348c7206c6d586f08085b58313b914e198a
                                                                                  • Instruction ID: 4419418dcf5f2ba607762d30452118695a734420f846da322e0ea0977071f7f9
                                                                                  • Opcode Fuzzy Hash: 87f88452bed19ca126d22e03e4b4a348c7206c6d586f08085b58313b914e198a
                                                                                  • Instruction Fuzzy Hash: BC0152B0A00109EFDB11DFB8C885DAE7BB8EF09314F50456DF9159B250DB359E418FA0
                                                                                  APIs
                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000), ref: 6B368407
                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 6B368427
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@HandleModule
                                                                                  • String ID: D3DFocusWindow
                                                                                  • API String ID: 3964191634-2134717817
                                                                                  • Opcode ID: 060b0e4dc84546352a42845cb2b98770322a3b27a07f62f54ab9300d5f7e916f
                                                                                  • Instruction ID: 09e9bfe75ca5efb429555f0e2b671bff757f2da6ee7ad1bae2bcf83d11882538
                                                                                  • Opcode Fuzzy Hash: 060b0e4dc84546352a42845cb2b98770322a3b27a07f62f54ab9300d5f7e916f
                                                                                  • Instruction Fuzzy Hash: 7C01D4712007008FE730AF79C884B57B3B8EF56314F104A2DD49283694D779E485CBA0
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3FC246
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8
                                                                                  • String ID: ()V$draggedToNewScreen
                                                                                  • API String ID: 97469293-3485263820
                                                                                  • Opcode ID: 394380e5a4ce9b2957a697016627bf29778adeed9ebada93fa33597c673e752e
                                                                                  • Instruction ID: bf5589d43ade6972a143d4ce23324feed2919a743ce135a2b54739a23c82127d
                                                                                  • Opcode Fuzzy Hash: 394380e5a4ce9b2957a697016627bf29778adeed9ebada93fa33597c673e752e
                                                                                  • Instruction Fuzzy Hash: 49016971240515BFDB01ABA9CC88EAAF7ECFF49249B100166F95897211DB3AAC118AA0
                                                                                  APIs
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 6B37EADF
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B37EAE6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@CriticalDeleteSection
                                                                                  • String ID: p4@kf4@k\4@kR4@kH4@k
                                                                                  • API String ID: 1993430471-4174628267
                                                                                  • Opcode ID: b5e8a34da0464227ef6e0de8e9bb28787b63ceb829dfd561e56f6a7fe9d663d8
                                                                                  • Instruction ID: 539ec71a91c31db5ae35fc0891a4fc9e22215c0d03cbce82b0b1edcf2646b9a7
                                                                                  • Opcode Fuzzy Hash: b5e8a34da0464227ef6e0de8e9bb28787b63ceb829dfd561e56f6a7fe9d663d8
                                                                                  • Instruction Fuzzy Hash: FE01AE75611B109FDB64EF64C948BABB7E8BF89600F04886CE4DA87650CB39E844CB91
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000003,00000001,D3DContext::ResetContext), ref: 6B3662E5
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • ?ConfigureContext@D3DContext@@QAEJPAU_D3DPRESENT_PARAMETERS_@@@Z.AWT(?), ref: 6B366324
                                                                                  Strings
                                                                                  • D3DContext::ResetContext, xrefs: 6B3662D5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Tracefprintf$ConfigureContext@Context@@ImplInit@0S_@@@fflushvfprintf
                                                                                  • String ID: D3DContext::ResetContext
                                                                                  • API String ID: 2579119972-1876289660
                                                                                  • Opcode ID: 468735dc9a118745eb86ef78258d4bd20315e462c0f4d87e331fd893b613399c
                                                                                  • Instruction ID: 19914f58d2374c20a4b45378a5241add9bac6de845bdde5870c24c256b845b00
                                                                                  • Opcode Fuzzy Hash: 468735dc9a118745eb86ef78258d4bd20315e462c0f4d87e331fd893b613399c
                                                                                  • Instruction Fuzzy Hash: 13F0C271B04300AACB00DE249C806CA7BD4E7842A0F50043EFE5CE7250E3798544CBA2
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3D8D2D
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,str argument,0000000C), ref: 6B3D8D4E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: str argument
                                                                                  • API String ID: 608574450-2122614655
                                                                                  • Opcode ID: 9bab5f16f2b8f210e08a2cf6bb9893156748bfbd7f5a0cc65dcbd5a00a8788cb
                                                                                  • Instruction ID: a8d64d47e9ef9e0ae2ca4d94746a14cb0833f193fc1d5a272d780b2d85a21cf2
                                                                                  • Opcode Fuzzy Hash: 9bab5f16f2b8f210e08a2cf6bb9893156748bfbd7f5a0cc65dcbd5a00a8788cb
                                                                                  • Instruction Fuzzy Hash: F6F06235B01240BFCF21AFB48D05E9E3B79EF4A744B004479F90496250DB39C911E7A1
                                                                                  APIs
                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,preferredSize,()Ljava/awt/Dimension;), ref: 6B3C23C7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallMethodName
                                                                                  • String ID: ()Ljava/awt/Dimension;$preferredSize
                                                                                  • API String ID: 4012259957-3790510051
                                                                                  • Opcode ID: 1cab4028c220dcb3b36a6699c97b2bf2eefd76e58667f82f50138ea5db722992
                                                                                  • Instruction ID: 118e0a1491c9038e196c18e3dae19f64778bbb2e9443880e4fc352442ed93f66
                                                                                  • Opcode Fuzzy Hash: 1cab4028c220dcb3b36a6699c97b2bf2eefd76e58667f82f50138ea5db722992
                                                                                  • Instruction Fuzzy Hash: 16F0E5B27115417FEB006BC8DC45EFB7B9DDF86218B00007AF60097200DBBAAD0297B1
                                                                                  APIs
                                                                                  • GetSystemMetrics.USER32(00000031), ref: 6B3F42DD
                                                                                  • GetSystemMetrics.USER32(00000032), ref: 6B3F42E3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: MetricsSystem
                                                                                  • String ID: AWT_ICON
                                                                                  • API String ID: 4116985748-964608939
                                                                                  • Opcode ID: 663fbbf018337004aeb265112372ef1ecc2f079e2859d928172eb564504c5304
                                                                                  • Instruction ID: f1414abddbccd2c491c5efbf209031d9b168a04c86c6f18004b5df9bf8d7d39a
                                                                                  • Opcode Fuzzy Hash: 663fbbf018337004aeb265112372ef1ecc2f079e2859d928172eb564504c5304
                                                                                  • Instruction Fuzzy Hash: 3DF0BE72790210ABDE20FB6ED984B4A3BACE786760F4000A7E604D729CC2B5D421EB60
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E80E1
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3E8110
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Env@8$H_prolog3_catch
                                                                                  • String ID: 8Dk
                                                                                  • API String ID: 2100887230-898463027
                                                                                  • Opcode ID: ccb328a0e512bd8ae9ca5ffcfb7e93bffd615aaffff3096a2cbc3651a250702f
                                                                                  • Instruction ID: cda2780d43eeae68994b7b1c34194d2d75e56188c46c9eee8e737449ae6cdd50
                                                                                  • Opcode Fuzzy Hash: ccb328a0e512bd8ae9ca5ffcfb7e93bffd615aaffff3096a2cbc3651a250702f
                                                                                  • Instruction Fuzzy Hash: 30F04F30A91210EFDF04FF64C985E4C7B75EB0A344F4044A8F845AB295CF798D56EB51
                                                                                  APIs
                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B3D4E5C
                                                                                  • CloseHandle.KERNEL32(?,00010002), ref: 6B3D4E7C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseEnv@8Handle
                                                                                  • String ID: P*Bk
                                                                                  • API String ID: 4281811826-3351021279
                                                                                  • Opcode ID: 49c59f33d9f843022d337ec5785a43c21488bc60de14a0e672edbd4275d6cceb
                                                                                  • Instruction ID: f26e5fc539d9db63070b50e9430e48289aa13f81f0d8530139a1eaa51d4b10c0
                                                                                  • Opcode Fuzzy Hash: 49c59f33d9f843022d337ec5785a43c21488bc60de14a0e672edbd4275d6cceb
                                                                                  • Instruction Fuzzy Hash: 38F03276200A00DFC7259F98CA89D5ABBF5FF48B00301449CE4968B622DB75EC90DB40
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3D8CB7
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,fontMetrics' font), ref: 6B3D8CE9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                  • String ID: fontMetrics' font
                                                                                  • API String ID: 608574450-1502647170
                                                                                  • Opcode ID: 6d3076afcdbe01ed1390ba25f286dbc7bf64f9dfb38266e4e3b6f93a58f39f07
                                                                                  • Instruction ID: f8928422fc55d157871e98ff63253d7e9963da8bc6ed21bf56e00c2d1bb35bdd
                                                                                  • Opcode Fuzzy Hash: 6d3076afcdbe01ed1390ba25f286dbc7bf64f9dfb38266e4e3b6f93a58f39f07
                                                                                  • Instruction Fuzzy Hash: 6BF08236646010EFDB21AF708805F8D7779FF09319F0080A9FE446A140DF3D66119B65
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3F0401
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                  • String ID: blockIncrement$unitIncrement
                                                                                  • API String ID: 2376344244-3253556574
                                                                                  • Opcode ID: e6d80cf80f63d88155a1a0af5488aa82dbe4a9df6406c079c0d3e5116c885741
                                                                                  • Instruction ID: 2f8210e1cdaa3a3756f7d726c4047d266502f0aa8931ade6c1406a26e721a8cc
                                                                                  • Opcode Fuzzy Hash: e6d80cf80f63d88155a1a0af5488aa82dbe4a9df6406c079c0d3e5116c885741
                                                                                  • Instruction Fuzzy Hash: 96F03079A44154EBDF20AF74C849F8E7BB9BF59329F008468BA889B205CF3DC541DB61
                                                                                  APIs
                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLGC_DestroyOGLGraphicsConfig: info is null,?,6B39D805,?,?,000000FF), ref: 6B3BCBC2
                                                                                    • Part of subcall function 6B3AEA57: _J2dTraceInit@0.AWT(?,6B354EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B3AEA63
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEABA
                                                                                    • Part of subcall function 6B3AEA57: vfprintf.MSVCR100 ref: 6B3AEACB
                                                                                    • Part of subcall function 6B3AEA57: fprintf.MSVCR100 ref: 6B3AEAE5
                                                                                    • Part of subcall function 6B3AEA57: fflush.MSVCR100 ref: 6B3AEAEF
                                                                                  • free.MSVCR100 ref: 6B3BCBDA
                                                                                  Strings
                                                                                  • OGLGC_DestroyOGLGraphicsConfig: info is null, xrefs: 6B3BCBB9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.2371510230.000000006B350000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371672294.000000006B444000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371697435.000000006B446000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371724346.000000006B447000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371747945.000000006B448000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371770451.000000006B449000.00000008.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44A000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371793035.000000006B44D000.00000004.00000001.01000000.00000013.sdmp
                                                                                  • Associated: 00000004.00000002.2371849975.000000006B470000.00000002.00000001.01000000.00000013.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: Tracefprintf$ImplInit@0fflushfreevfprintf
                                                                                  • String ID: OGLGC_DestroyOGLGraphicsConfig: info is null
                                                                                  • API String ID: 320543924-797612303
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3E88E6
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                  • String ID: Ljava/awt/Insets;$insets_
                                                                                  • API String ID: 2376344244-797675677
                                                                                  APIs
                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B3EAD83
                                                                                    • Part of subcall function 6B3FF49D: _JNU_GetEnv@8.JAVA(6C3E5A58,00010002,6B3FA2EA,00000004,6B367083,?,00000020,?,00000020,?), ref: 6B3FF4AC
                                                                                    • Part of subcall function 6B3F4450: GetCurrentThreadId.KERNEL32 ref: 6B3F448B
                                                                                    • Part of subcall function 6B3F4450: _CxxThrowException.MSVCR100(?,6B429788), ref: 6B3F44A7
                                                                                    • Part of subcall function 6B3F4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B429788), ref: 6B3F44B6
                                                                                    • Part of subcall function 6B3F4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B3F44BD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                  • String ID: Ljava/awt/print/PageFormat;$page
                                                                                  • API String ID: 2376344244-1475000988
                                                                                  APIs
                                                                                  • JNU_CallMethodByName.JAVA(00000000,00000000,00000000,getItemImpl,(I)Ljava/lang/String;,6B3E51B8,00000000,00000000,?,6B3E51B8,00000000,00000000,00000000,?,00000000,00000000), ref: 6B3C4EDA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallMethodName
                                                                                  • String ID: (I)Ljava/lang/String;$getItemImpl
                                                                                  • API String ID: 4012259957-3545066294
                                                                                  APIs
                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B3BEE65
                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,?), ref: 6B3BEE74
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: ??3@Error@8MemoryThrow
                                                                                  • String ID: OutOfMemoryError
                                                                                  • API String ID: 1207968103-1421130177
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: free
                                                                                  • String ID:
                                                                                  • API String ID: 1294909896-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.2371536008.000000006B351000.00000020.00000001.01000000.00000013.sdmp, Offset: 6B350000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_6b350000_javaw.jbxd
                                                                                  Similarity
                                                                                  • API ID: free$ExceptionThrow
                                                                                  • String ID:
                                                                                  • API String ID: 4001284683-0