Source: unknown |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\Mtcn_1637256355_pdf.jar"" >> C:\cmdlinestart.log 2>&1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\Mtcn_1637256355_pdf.jar" |
|
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M |
|
Source: C:\Windows\SysWOW64\icacls.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe |
|
Source: C:\Windows\SysWOW64\tasklist.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: apphelp.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: apphelp.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: wsock32.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: winmm.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: version.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: windows.storage.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: wldp.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: profapi.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: mswsock.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: iphlpapi.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: dnsapi.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: cryptsp.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: rsaenh.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: userenv.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: dpapi.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: cryptbase.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: rasadhlp.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: ncrypt.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\SysWOW64\icacls.exe |
Section loaded: ntmarta.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: version.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: mpr.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: framedynos.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: dbghelp.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: netutils.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: winsta.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: amsi.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: userenv.dll |
Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: profapi.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02AD428D push ecx; retn 0022h |
2_2_02AD4342 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02ACC7C8 push cs; ret |
2_2_02ACC811 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02AD3FD3 push es; iretd |
2_2_02AD3FDA |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02AC9F11 push cs; retf |
2_2_02AC9F31 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02ACAB48 push eax; retf |
2_2_02ACAB49 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02AD399B push es; iretd |
2_2_02AD399E |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02AD3996 push es; iretd |
2_2_02AD399A |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02A2D8F7 push 00000000h; mov dword ptr [esp], esp |
2_2_02A2D921 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02A2A20A push ecx; ret |
2_2_02A2A21A |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02A2A21B push ecx; ret |
2_2_02A2A225 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02A2B3B7 push 00000000h; mov dword ptr [esp], esp |
2_2_02A2B3DD |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02A2BB67 push 00000000h; mov dword ptr [esp], esp |
2_2_02A2BB8D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02A2D8E0 push 00000000h; mov dword ptr [esp], esp |
2_2_02A2D921 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02A2B947 push 00000000h; mov dword ptr [esp], esp |
2_2_02A2B96D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02A2C477 push 00000000h; mov dword ptr [esp], esp |
2_2_02A2C49D |
Source: java.exe, 00000002.00000002.2171143861.000000000A24F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: PROCMON.EXE |
Source: java.exe, 00000002.00000002.2171143861.000000000A24F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AUTORUNSC.EXE |
Source: java.exe, 00000002.00000002.2171143861.000000000A24F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OLLYDBG.EXE |
Source: java.exe, 00000002.00000002.2171143861.000000000A24F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: REGMON.EXE |
Source: java.exe, 00000002.00000002.2171143861.000000000A24F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AUTORUNS.EXE |
Source: java.exe, 00000002.00000002.2171143861.000000000A24F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: FIDDLER.EXE |
Source: java.exe, 00000002.00000002.2171143861.000000000A24F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: WIRESHARK.EXE |
Source: java.exe, 00000002.00000002.2171143861.000000000A24F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: FILEMON.EXE |
Source: java.exe, 00000002.00000003.2114653557.000000001506F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK |
Source: java.exe, 00000002.00000003.2114653557.000000001506F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK |
Source: java.exe, 00000002.00000002.2171143861.000000000A24F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmware.exe |
Source: java.exe, 00000002.00000002.2162049093.000000000103B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: [Ljava/lang/VirtualMachineError; |
Source: java.exe, 00000002.00000003.2114653557.000000001506F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: org/omg/CORBA/OMGVMCID.classPK |
Source: java.exe, 00000002.00000002.2162049093.000000000103B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: cjava/lang/VirtualMachineError |
Source: java.exe, 00000002.00000003.2114653557.000000001506F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: java/lang/VirtualMachineError.classPK |
Source: java.exe, 00000002.00000002.2162049093.000000000103B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |