Windows Analysis Report
SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Overview

General Information

Sample name:	SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe
Analysis ID:	1432124
MD5:	fcf252f884324dab8d0831f3edde05bf
SHA1:	b9a566b4a184ed0435e026a9724774245204eccd
SHA256:	d92ffd29ee3f93e059c8efda75e4886be9c48f0eb0335cb21ebc563e95d85df1
Infos:

Detection

Score:	12
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Machine Learning detection for dropped file

Binary contains a suspicious time stamp

Creates a process in suspended mode (likely to inject code)

Dropped file seen in connection with other malware

Drops PE files

Found dropped PE file which has not been started or loaded

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Uses 32bit PE files

Classification

Signatures

AV Detection

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\SUMlauncher.jar

Joe Sandbox ML: detected

Uses 32bit PE files

Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\readme.txt			Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\conf\security\policy\README.txt			Jump to behavior

Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Static PE information: certificate valid

Source:	Binary string: java.pdb source: java.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source:	Binary string: javaw.pdb source: javaw.exe, 00000002.00000000.2165491630.00007FF7B1382000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: jrunscript.pdb source: jrunscript.exe.0.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source:	Binary string: lcms.pdb// source: lcms.dll.0.dr
Source:	Binary string: lcms.pdb source: lcms.dll.0.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source:	Binary string: java.pdbzz source: java.dll.0.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs	Jump to behavior

Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2252392924.0000012E684CF000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2324954708.0000012E68504000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2257130686.0000012E684D0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2258058074.0000012E684F9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2329070912.0000012E6850F000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/allow-java-encodings
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error
Source: javaw.exe, 00000002.00000003.2328124352.0000012E684C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/disallow-doctype-decl
Source: javaw.exe, 00000002.00000003.2328124352.0000012E684C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodes
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodes#
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotationsc.
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/internal/parser-settings
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicates
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicatesKF
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/namespace-growth
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd3
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/standard-uri-conformant
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validate-annotations
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validate-annotationskG
Source: javaw.exe, 00000002.00000003.2328124352.0000012E684C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees
Source: javaw.exe, 00000002.00000003.2328124352.0000012E684C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/dynamic
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/id-idref-checking
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/id-idref-checking$
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/identity-constraint-checking
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/element-default
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/element-defaultcI
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/ignore-xsi-type-until-elemdecl
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/ignore-xsi-type-until-elemdeclkE
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value3Q
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/unparsed-entity-checking
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef#
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef3
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/xinclude
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/input-buffer-size
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/input-buffer-size;-
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory36
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factoryGER
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner3
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processord-e
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner/stri
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/entity-managerC
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/entity-managerSt
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/error-handler
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/error-reporterrs
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder3M
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validation-managercL
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factoryCJ
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factorylHan
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd-ht
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtdSP
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validator/schema
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/locale
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/localeal/
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/n
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocationibu
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/security-manager
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/validation/schema/root-element-declaration
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/validation/schema/root-element-declaration3K
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/validation/schema/root-element-declarationmentHan
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/validation/schema/root-type-definition
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/validation/schema/root-type-definitionsol
Source: javaw.exe, 00000002.00000003.2586763509.0000012E63F57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.htmlr
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crlkwell
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crlm
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crlme
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crlght
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crlghtK
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: javaw.exe, 00000002.00000003.2289356610.0000000086D00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crln
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: javaw.exe, 00000002.00000003.2296906258.0000000087606000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087783000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087646000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crler
Source: javaw.exe, 00000002.00000003.2296906258.0000000087783000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crlerCDG
Source: javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl1.softwareag.com/Software%20AG%20CA%202.crt
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl1.softwareag.com/Software%20AG%20CA%202.crt0A
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl1.softwareag.com/Software%20AG%20Root%20CA%202020.crl
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl1.softwareag.com/Software%20AG%20Root%20CA%202020.crt
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl1.softwareag.com/Software%20AG%20Root%20CA%202020.crt0K
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl2.softwareag.com/Software%20AG%20CA%202.crt
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl2.softwareag.com/Software%20AG%20CA%202.crt0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl2.softwareag.com/Software%20AG%20Root%20CA%202020.crl
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl2.softwareag.com/Software%20AG%20Root%20CA%202020.crlK
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl2.softwareag.com/Software%20AG%20Root%20CA%202020.crt
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl2.softwareag.com/Software%20AG%20Root%20CA%202020.crt0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: lcms.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe, 00000000.00000002.3283989553.0000000000028000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://documentation.softwareag.com/legal/general_license.txt
Source: javaw.exe, 00000002.00000003.2586763509.0000012E63F57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/dom/properties/
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/3
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/ax
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage;H
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
Source: javaw.exe, 00000002.00000003.2586763509.0000012E63F57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/schema/features/
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
Source: javaw.exe, 00000002.00000003.2586763509.0000012E63F57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/stream/properties/
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtdh.
Source: javaw.exe, 00000002.00000003.2586763509.0000012E63F57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
Source: javaw.exe, 00000002.00000003.2328124352.0000012E684C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/feature/useCatalog
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/feature/useCatalogpa
Source: javaw.exe, 00000002.00000003.2586763509.0000012E63F57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/property/
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemas:
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2330076875.0000012E63301000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.00000000878DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3287463619.0000012E483F0000.00000002.00000001.00040000.00000019.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://null.oracle.com/
Source: javaw.exe, 00000002.00000003.2296906258.00000000878DE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://null.oracle.com/C
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe, 00000000.00000002.3283989553.0000000000028000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://ocsp.example.net:80
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://pki.corp.softwareag.com/CertEnroll/Software%20AG%20-%20Root%20Certification%20Authority(4).cr
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://pki.corp.softwareag.com/CertEnroll/cps.txt
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://pki.corp.softwareag.com/CertEnroll/cps.txt0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://pki.corp.softwareag.com/CertEnroll/cps.txtS
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://pki.corp.softwareag.com/CertEnroll/cps.txtp
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.com
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086D00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.come
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.comeng
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.comhtm
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.comk
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086D00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/55
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/6
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/SC
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/m
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/mb
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/nla
Source: javaw.exe, 00000002.00000003.2289356610.0000000086D00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/t
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/ttokD
Source: javaw.exe, 00000002.00000002.3283965661.00000000801C6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://softwareag.com/licenses
Source: javaw.exe, 00000002.00000003.2289356610.0000000087993000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://softwareag.com/licenses.
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt#Y
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlcale
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlcale;d
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htms_
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.esS
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.eska
Source: javaw.exe, 00000002.00000002.3283965661.0000000080000000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3287463619.0000012E479F0000.00000002.00000001.00040000.00000019.sdmp	String found in binary or memory: http://www.azul.com/
Source: javaw.exe, 00000002.00000002.3283965661.0000000080000000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3287463619.0000012E479F0000.00000002.00000001.00040000.00000019.sdmp	String found in binary or memory: http://www.azul.com/support/
Source: javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: javaw.exe, 00000002.00000003.2296906258.0000000087646000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/s
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.chambersign.org
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.chambersign.org1
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps
Source: javaw.exe, 00000002.00000003.2289356610.0000000087683000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087646000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cpsc
Source: javaw.exe, 00000002.00000003.2289356610.0000000087683000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cpsi
Source: javaw.exe, 00000002.00000003.2296906258.00000000873C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comhttp://www.fontbureau.com/designers/NormalNormaaliNormalNorm
Source: javaw.exe, 00000002.00000003.2289356610.0000000087346000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comhttp://www.fontbureau.com/designers/cabarga.htmlNegritaMagneto
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comhttp://www.fontbureau.com/designersCursivaCalifornian
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087383000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comhttp://www.fontbureau.com/designersNormalNormaaliNormalNorm
Source: javaw.exe, 00000002.00000003.2289356610.0000000087306000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/NormalNormaaliNormalNorm
Source: javaw.exe, 00000002.00000003.2289356610.0000000087306000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/http://www.galapagosdesign.com/staff/dennis.htmPlease
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/is-standalone
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/is-standalones
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctionss
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfoK
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/isStandalone
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth;
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimits
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xsltcIsStandalone
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xsltcIsStandalone#
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cpss
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe, 00000000.00000002.3284773324.0000000002260000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.skaro.net
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe, 00000000.00000002.3284773324.0000000002260000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.skaro.net/zipfusion/contact.html
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe, 00000000.00000002.3284773324.0000000002260000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.skaro.net/zipfusion/regn.html
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe, 00000000.00000002.3284773324.0000000002260000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.skaro.net/zipfusion/regn.html:
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	String found in binary or memory: http://www.skaro.net/zipfusionD
Source: javaw.exe, 00000002.00000003.2296906258.0000000087383000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comMicrosoft
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deNormalNormaaliNormalNorm
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.dePlease
Source: javaw.exe, 00000002.00000003.2289356610.0000000087306000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2252782431.0000012E63984000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2586697815.0000012E6396C000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2328414279.0000012E63981000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2327338703.0000012E6397B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/external-general-entities3)
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/external-parameter-entitiess(
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/namespace-prefixes.
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/namespaces
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/string-interning
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/validation
Source: javaw.exe, 00000002.00000003.2257625434.0000012E63532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/validation.
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2252782431.0000012E63984000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2586697815.0000012E6396C000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2328414279.0000012E63981000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2327338703.0000012E6397B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/C
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/dom-node
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/lexical-handler39
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/xml-string
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/xml-stringar
Source: javaw.exe, 00000002.00000002.3283965661.00000000801C6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://documentation.softwareag.com/legal/general_license.txt
Source: javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.lu
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.lu0
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.luk
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/cgi-bin/dataserveMASTER.cgi
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/cgi-bin/dataserveMASTER.cgi#
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/auth
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/sum-repository-service
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/sum-repository-service/actuator/health
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/sum-repository-service/actuator/healthc
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/sum-repository-service/components/updates/GA_Fix_Repo
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/sum-repository-service1
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/sum-repository-serviceJ
Source: javaw.exe, 00000002.00000002.3283965661.0000000080216000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.00000000879F7000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/sumv2/api/version
Source: javaw.exe, 00000002.00000002.3283965661.00000000801C6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://softwareag.com/licenses
Source: unicode.md.0.dr	String found in binary or memory: https://www.unicode.org/copyright.html.
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m

Dropped file seen in connection with other malware

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-console-l1-1-0.dll 191E08DEA0AD5AC02E7E84669D9FFFA5AA67DC696E36077C5FA20D81C80B6A56
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-console-l1-2-0.dll 9E04918D9E751DBC56D0251D3ADA573381B469A012599554D72AA4AFFDA9658A

PE file does not import any functions

Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found

Uses 32bit PE files

Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: clean12.winEXE@56/388@0/0

Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\83aa4cc77f591dfc2374580bbd95f6ba_9e146be9-c76a-4720-bcdb-53011b87bd06

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5044:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2200:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3364:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5644:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1880:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4368:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4724:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4676:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5468:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2636:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6436:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5084:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3836:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5168:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4332:120:WilError_03

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

File created: C:\Users\user\AppData\Local\Temp\ZFI_3536

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe

Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar3441555891569706586.bat

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

File read: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe "C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe"
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Process created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe "C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe" -Dbootstrapper.version=11.0.0.0000-0617 -classpath SUMLauncher.jar com.softwareag.plm.sum.client.launcher.installer.Main
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar3441555891569706586.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar10818828613249938793.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar17401203860513035475.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar13494803152977832873.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar12061198024144877217.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar679868451359564232.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar1160597909741069849.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9524271340662204174.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar8642198764105678578.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4678659186746217219.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4430410592668505130.bat
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4588889823313094399.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9879207687526437611.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9521514706033490886.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar7729600830500743558.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar11338522504124708664.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar17841775868638982939.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4667907513633472375.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Process created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe "C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe" -Dbootstrapper.version=11.0.0.0000-0617 -classpath SUMLauncher.jar com.softwareag.plm.sum.client.launcher.installer.Main	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar3441555891569706586.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar10818828613249938793.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar17401203860513035475.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar13494803152977832873.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar12061198024144877217.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar679868451359564232.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar1160597909741069849.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9524271340662204174.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar8642198764105678578.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4678659186746217219.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4430410592668505130.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4588889823313094399.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9879207687526437611.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9521514706033490886.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar7729600830500743558.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar11338522504124708664.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar17841775868638982939.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4667907513633472375.bat	Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: riched32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: jli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Window found: window name: RICHEDIT

Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

File opened: C:\Windows\SysWOW64\RICHED32.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Static PE information: certificate valid

Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Static file information: File size 41718784 > 1048576

Source:	Binary string: java.pdb source: java.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source:	Binary string: javaw.pdb source: javaw.exe, 00000002.00000000.2165491630.00007FF7B1382000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: jrunscript.pdb source: jrunscript.exe.0.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source:	Binary string: lcms.pdb// source: lcms.dll.0.dr
Source:	Binary string: lcms.pdb source: lcms.dll.0.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source:	Binary string: java.pdbzz source: java.dll.0.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr

Binary contains a suspicious time stamp

Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr

Static PE information: 0xAEAB7D2A [Sat Nov 11 12:38:02 2062 UTC]

PE file contains an invalid checksum

Source: ktab.exe.0.dr	Static PE information: real checksum: 0xcf85 should be: 0xc43d
Source: javaw.exe.0.dr	Static PE information: real checksum: 0x1afa2 should be: 0xfde6
Source: jrunscript.exe.0.dr	Static PE information: real checksum: 0xce21 should be: 0xc2d9
Source: keytool.exe.0.dr	Static PE information: real checksum: 0xb910 should be: 0x10753
Source: kinit.exe.0.dr	Static PE information: real checksum: 0x11a97 should be: 0x68db
Source: jabswitch.exe.0.dr	Static PE information: real checksum: 0x1116d should be: 0x15fb3
Source: freetype.dll.0.dr	Static PE information: real checksum: 0x86b0c should be: 0x8be2e
Source: jfr.exe.0.dr	Static PE information: real checksum: 0x15298 should be: 0xa0dc
Source: klist.exe.0.dr	Static PE information: real checksum: 0x143ba should be: 0x91fe
Source: java.exe.0.dr	Static PE information: real checksum: 0x17f81 should be: 0x16242
Source: rmiregistry.exe.0.dr	Static PE information: real checksum: 0x1393c should be: 0x8780

PE file contains sections with non-standard names

Source: jsvml.dll.0.dr	Static PE information: section name: _RDATA
Source: fontmanager.dll.0.dr	Static PE information: section name: _RDATA
Source: vcruntime140.dll.0.dr	Static PE information: section name: _RDATA
Source: javaaccessbridge.dll.0.dr	Static PE information: section name: _RDATA

Drops PE files

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jabswitch.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\net.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\sspi_bridge.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\lcms.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\j2gss.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jrunscript.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\j2pkcs11.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jli.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\management_ext.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\ktab.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\keytool.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\WinFallbackLookup.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jimage.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jdwp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\klist.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\windowsaccessbridge-64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jaas.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\mlib_image.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaaccessbridge.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\management.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\management_agent.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\j2pcsc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javajpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\kinit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jaccesswalker.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\prefs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jfr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\rmiregistry.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jsound.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jaccessinspector.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\verify.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\sunmscapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\w2k_lsa_auth.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\freetype.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\fontmanager.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\rmi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\zip.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jawt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jsvml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\server\jvm.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\instrument.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\nio.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\awt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\splashscreen.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\dt_socket.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\readme.txt			Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\conf\security\policy\README.txt			Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jabswitch.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\net.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\sspi_bridge.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\lcms.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jrunscript.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\j2gss.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\j2pkcs11.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\management_ext.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\ktab.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\keytool.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\WinFallbackLookup.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jimage.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jdwp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\klist.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\windowsaccessbridge-64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jaas.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaaccessbridge.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\mlib_image.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\management.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\management_agent.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\j2pcsc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javajpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jaccesswalker.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\kinit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\prefs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jfr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\rmiregistry.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jaccessinspector.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jsound.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\verify.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\sunmscapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\w2k_lsa_auth.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\freetype.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\fontmanager.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\rmi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\zip.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jawt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jsvml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\server\jvm.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\instrument.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\nio.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\awt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\splashscreen.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\dt_socket.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs	Jump to behavior

Source: javaw.exe, 00000002.00000002.3287463619.0000012E479F0000.00000002.00000001.00040000.00000019.sdmp, classlist.0.dr	Binary or memory string: java/lang/VirtualMachineError
Source: javaw.exe, 00000002.00000002.3287463619.0000012E479F0000.00000002.00000001.00040000.00000019.sdmp	Binary or memory string: VirtualMachineError
Source: javaw.exe, 00000002.00000002.3287109941.0000012E4612D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe

Memory protected: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Process created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe "C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe" -Dbootstrapper.version=11.0.0.0000-0617 -classpath SUMLauncher.jar com.softwareag.plm.sum.client.launcher.installer.Main	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar3441555891569706586.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar10818828613249938793.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar17401203860513035475.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar13494803152977832873.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar12061198024144877217.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar679868451359564232.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar1160597909741069849.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9524271340662204174.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar8642198764105678578.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4678659186746217219.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4430410592668505130.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4588889823313094399.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9879207687526437611.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9521514706033490886.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar7729600830500743558.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar11338522504124708664.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar17841775868638982939.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4667907513633472375.bat	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\server\jvm.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\lib\modules VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\6544 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\logs\launcher_gui260424_14-40-28.log.lck VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

AV Detection

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\SUMlauncher.jar

Joe Sandbox ML: detected

Uses 32bit PE files

Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\readme.txt			Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\conf\security\policy\README.txt			Jump to behavior

Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Static PE information: certificate valid

Source:	Binary string: java.pdb source: java.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source:	Binary string: javaw.pdb source: javaw.exe, 00000002.00000000.2165491630.00007FF7B1382000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: jrunscript.pdb source: jrunscript.exe.0.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source:	Binary string: lcms.pdb// source: lcms.dll.0.dr
Source:	Binary string: lcms.pdb source: lcms.dll.0.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source:	Binary string: java.pdbzz source: java.dll.0.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs	Jump to behavior

Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2252392924.0000012E684CF000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2324954708.0000012E68504000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2257130686.0000012E684D0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2258058074.0000012E684F9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2329070912.0000012E6850F000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/allow-java-encodings
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error
Source: javaw.exe, 00000002.00000003.2328124352.0000012E684C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/disallow-doctype-decl
Source: javaw.exe, 00000002.00000003.2328124352.0000012E684C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodes
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodes#
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotationsc.
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/internal/parser-settings
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicates
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicatesKF
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/namespace-growth
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd3
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/standard-uri-conformant
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validate-annotations
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validate-annotationskG
Source: javaw.exe, 00000002.00000003.2328124352.0000012E684C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees
Source: javaw.exe, 00000002.00000003.2328124352.0000012E684C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/dynamic
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/id-idref-checking
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/id-idref-checking$
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/identity-constraint-checking
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/element-default
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/element-defaultcI
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/ignore-xsi-type-until-elemdecl
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/ignore-xsi-type-until-elemdeclkE
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value3Q
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/unparsed-entity-checking
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef#
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef3
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/xinclude
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/input-buffer-size
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/input-buffer-size;-
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory36
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factoryGER
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner3
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processord-e
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner/stri
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/entity-managerC
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/entity-managerSt
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/error-handler
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/error-reporterrs
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder3M
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validation-managercL
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factoryCJ
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factorylHan
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd-ht
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtdSP
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/validator/schema
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/locale
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/localeal/
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/n
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocationibu
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/security-manager
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/validation/schema/root-element-declaration
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/validation/schema/root-element-declaration3K
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/validation/schema/root-element-declarationmentHan
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/validation/schema/root-type-definition
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/properties/validation/schema/root-type-definitionsol
Source: javaw.exe, 00000002.00000003.2586763509.0000012E63F57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.htmlr
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crlkwell
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crlm
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crlme
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crlght
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crlghtK
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: javaw.exe, 00000002.00000003.2289356610.0000000086D00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crln
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: javaw.exe, 00000002.00000003.2296906258.0000000087606000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087783000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087646000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crler
Source: javaw.exe, 00000002.00000003.2296906258.0000000087783000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crlerCDG
Source: javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl1.softwareag.com/Software%20AG%20CA%202.crt
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl1.softwareag.com/Software%20AG%20CA%202.crt0A
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl1.softwareag.com/Software%20AG%20Root%20CA%202020.crl
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl1.softwareag.com/Software%20AG%20Root%20CA%202020.crt
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl1.softwareag.com/Software%20AG%20Root%20CA%202020.crt0K
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl2.softwareag.com/Software%20AG%20CA%202.crt
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl2.softwareag.com/Software%20AG%20CA%202.crt0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl2.softwareag.com/Software%20AG%20Root%20CA%202020.crl
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl2.softwareag.com/Software%20AG%20Root%20CA%202020.crlK
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl2.softwareag.com/Software%20AG%20Root%20CA%202020.crt
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl2.softwareag.com/Software%20AG%20Root%20CA%202020.crt0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: lcms.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe, 00000000.00000002.3283989553.0000000000028000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://documentation.softwareag.com/legal/general_license.txt
Source: javaw.exe, 00000002.00000003.2586763509.0000012E63F57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/dom/properties/
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/3
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/ax
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage;H
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
Source: javaw.exe, 00000002.00000003.2586763509.0000012E63F57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/schema/features/
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
Source: javaw.exe, 00000002.00000003.2586763509.0000012E63F57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/stream/properties/
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtdh.
Source: javaw.exe, 00000002.00000003.2586763509.0000012E63F57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
Source: javaw.exe, 00000002.00000003.2328124352.0000012E684C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/feature/useCatalog
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/feature/useCatalogpa
Source: javaw.exe, 00000002.00000003.2586763509.0000012E63F57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/property/
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemas:
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2330076875.0000012E63301000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.00000000878DE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3287463619.0000012E483F0000.00000002.00000001.00040000.00000019.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://null.oracle.com/
Source: javaw.exe, 00000002.00000003.2296906258.00000000878DE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://null.oracle.com/C
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe, 00000000.00000002.3283989553.0000000000028000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://ocsp.example.net:80
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://pki.corp.softwareag.com/CertEnroll/Software%20AG%20-%20Root%20Certification%20Authority(4).cr
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://pki.corp.softwareag.com/CertEnroll/cps.txt
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://pki.corp.softwareag.com/CertEnroll/cps.txt0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://pki.corp.softwareag.com/CertEnroll/cps.txtS
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://pki.corp.softwareag.com/CertEnroll/cps.txtp
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.com
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086D00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.come
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.comeng
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.comhtm
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.comk
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086D00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/55
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/6
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/SC
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/m
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/mb
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/nla
Source: javaw.exe, 00000002.00000003.2289356610.0000000086D00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/t
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/ttokD
Source: javaw.exe, 00000002.00000002.3283965661.00000000801C6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://softwareag.com/licenses
Source: javaw.exe, 00000002.00000003.2289356610.0000000087993000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://softwareag.com/licenses.
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt#Y
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlcale
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlcale;d
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htms_
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.esS
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.eska
Source: javaw.exe, 00000002.00000002.3283965661.0000000080000000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3287463619.0000012E479F0000.00000002.00000001.00040000.00000019.sdmp	String found in binary or memory: http://www.azul.com/
Source: javaw.exe, 00000002.00000002.3283965661.0000000080000000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3287463619.0000012E479F0000.00000002.00000001.00040000.00000019.sdmp	String found in binary or memory: http://www.azul.com/support/
Source: javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: javaw.exe, 00000002.00000003.2296906258.0000000087646000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/s
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.chambersign.org
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.chambersign.org1
Source: java.dll.0.dr, jrunscript.exe.0.dr, lcms.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps
Source: javaw.exe, 00000002.00000003.2289356610.0000000087683000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087646000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cpsc
Source: javaw.exe, 00000002.00000003.2289356610.0000000087683000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cpsi
Source: javaw.exe, 00000002.00000003.2296906258.00000000873C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comhttp://www.fontbureau.com/designers/NormalNormaaliNormalNorm
Source: javaw.exe, 00000002.00000003.2289356610.0000000087346000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comhttp://www.fontbureau.com/designers/cabarga.htmlNegritaMagneto
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comhttp://www.fontbureau.com/designersCursivaCalifornian
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087383000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comhttp://www.fontbureau.com/designersNormalNormaaliNormalNorm
Source: javaw.exe, 00000002.00000003.2289356610.0000000087306000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/NormalNormaaliNormalNorm
Source: javaw.exe, 00000002.00000003.2289356610.0000000087306000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/http://www.galapagosdesign.com/staff/dennis.htmPlease
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/is-standalone
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/is-standalones
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctionss
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfoK
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/isStandalone
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth;
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimits
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
Source: javaw.exe, 00000002.00000002.3285538078.0000000086D00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xsltcIsStandalone
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xsltcIsStandalone#
Source: javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cpss
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe, 00000000.00000002.3284773324.0000000002260000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.skaro.net
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe, 00000000.00000002.3284773324.0000000002260000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.skaro.net/zipfusion/contact.html
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe, 00000000.00000002.3284773324.0000000002260000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.skaro.net/zipfusion/regn.html
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe, 00000000.00000002.3284773324.0000000002260000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.skaro.net/zipfusion/regn.html:
Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	String found in binary or memory: http://www.skaro.net/zipfusionD
Source: javaw.exe, 00000002.00000003.2296906258.0000000087383000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comMicrosoft
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deNormalNormaaliNormalNorm
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.dePlease
Source: javaw.exe, 00000002.00000003.2289356610.0000000087306000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2252782431.0000012E63984000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2586697815.0000012E6396C000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2328414279.0000012E63981000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2327338703.0000012E6397B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/external-general-entities3)
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/external-parameter-entitiess(
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/namespace-prefixes.
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/namespaces
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/string-interning
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/validation
Source: javaw.exe, 00000002.00000003.2257625434.0000012E63532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/features/validation.
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2252782431.0000012E63984000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2586697815.0000012E6396C000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2328414279.0000012E63981000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2327338703.0000012E6397B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/
Source: javaw.exe, 00000002.00000003.2296906258.00000000874CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/C
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/dom-node
Source: javaw.exe, 00000002.00000003.2324442714.0000012E63974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/lexical-handler39
Source: javaw.exe, 00000002.00000003.2289356610.0000000086C00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/xml-string
Source: javaw.exe, 00000002.00000003.2326829190.0000012E68504000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml.org/sax/properties/xml-stringar
Source: javaw.exe, 00000002.00000002.3283965661.00000000801C6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://documentation.softwareag.com/legal/general_license.txt
Source: javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.lu
Source: javaw.exe, 00000002.00000002.3285538078.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000086F54000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087410000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.00000000876C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.lu0
Source: javaw.exe, 00000002.00000002.3285855469.0000000087E00000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.luk
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/cgi-bin/dataserveMASTER.cgi
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/cgi-bin/dataserveMASTER.cgi#
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/auth
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/sum-repository-service
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/sum-repository-service/actuator/health
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/sum-repository-service/actuator/healthc
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/sum-repository-service/components/updates/GA_Fix_Repo
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/sum-repository-service1
Source: javaw.exe, 00000002.00000003.2289356610.00000000879B9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/services/sum-repository-serviceJ
Source: javaw.exe, 00000002.00000002.3283965661.0000000080216000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.00000000879F7000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sdc.softwareag.com/sumv2/api/version
Source: javaw.exe, 00000002.00000002.3283965661.00000000801C6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://softwareag.com/licenses
Source: unicode.md.0.dr	String found in binary or memory: https://www.unicode.org/copyright.html.
Source: javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: javaw.exe, 00000002.00000003.2289356610.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000002.3285538078.0000000086DBF000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2289356610.0000000087BE8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000002.00000003.2296906258.0000000087AF6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m

Dropped file seen in connection with other malware

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-console-l1-1-0.dll 191E08DEA0AD5AC02E7E84669D9FFFA5AA67DC696E36077C5FA20D81C80B6A56
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-console-l1-2-0.dll 9E04918D9E751DBC56D0251D3ADA573381B469A012599554D72AA4AFFDA9658A

PE file does not import any functions

Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found

Uses 32bit PE files

Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: clean12.winEXE@56/388@0/0

Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\83aa4cc77f591dfc2374580bbd95f6ba_9e146be9-c76a-4720-bcdb-53011b87bd06

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5044:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2200:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3364:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5644:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1880:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4368:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4724:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4676:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5468:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2636:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6436:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5084:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3836:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5168:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4332:120:WilError_03

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

File created: C:\Users\user\AppData\Local\Temp\ZFI_3536

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe

Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar3441555891569706586.bat

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

File read: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe "C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe"
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Process created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe "C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe" -Dbootstrapper.version=11.0.0.0000-0617 -classpath SUMLauncher.jar com.softwareag.plm.sum.client.launcher.installer.Main
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar3441555891569706586.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar10818828613249938793.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar17401203860513035475.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar13494803152977832873.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar12061198024144877217.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar679868451359564232.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar1160597909741069849.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9524271340662204174.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar8642198764105678578.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4678659186746217219.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4430410592668505130.bat
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4588889823313094399.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9879207687526437611.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9521514706033490886.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar7729600830500743558.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar11338522504124708664.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar17841775868638982939.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4667907513633472375.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Process created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe "C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe" -Dbootstrapper.version=11.0.0.0000-0617 -classpath SUMLauncher.jar com.softwareag.plm.sum.client.launcher.installer.Main	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar3441555891569706586.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar10818828613249938793.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar17401203860513035475.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar13494803152977832873.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar12061198024144877217.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar679868451359564232.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar1160597909741069849.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9524271340662204174.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar8642198764105678578.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4678659186746217219.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4430410592668505130.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4588889823313094399.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9879207687526437611.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9521514706033490886.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar7729600830500743558.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar11338522504124708664.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar17841775868638982939.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4667907513633472375.bat	Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: riched32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: jli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Window found: window name: RICHEDIT

Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

File opened: C:\Windows\SysWOW64\RICHED32.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Static PE information: certificate valid

Source: SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Static file information: File size 41718784 > 1048576

Source:	Binary string: java.pdb source: java.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source:	Binary string: javaw.pdb source: javaw.exe, 00000002.00000000.2165491630.00007FF7B1382000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: jrunscript.pdb source: jrunscript.exe.0.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source:	Binary string: lcms.pdb// source: lcms.dll.0.dr
Source:	Binary string: lcms.pdb source: lcms.dll.0.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source:	Binary string: java.pdbzz source: java.dll.0.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr

Binary contains a suspicious time stamp

Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr

Static PE information: 0xAEAB7D2A [Sat Nov 11 12:38:02 2062 UTC]

PE file contains an invalid checksum

Source: ktab.exe.0.dr	Static PE information: real checksum: 0xcf85 should be: 0xc43d
Source: javaw.exe.0.dr	Static PE information: real checksum: 0x1afa2 should be: 0xfde6
Source: jrunscript.exe.0.dr	Static PE information: real checksum: 0xce21 should be: 0xc2d9
Source: keytool.exe.0.dr	Static PE information: real checksum: 0xb910 should be: 0x10753
Source: kinit.exe.0.dr	Static PE information: real checksum: 0x11a97 should be: 0x68db
Source: jabswitch.exe.0.dr	Static PE information: real checksum: 0x1116d should be: 0x15fb3
Source: freetype.dll.0.dr	Static PE information: real checksum: 0x86b0c should be: 0x8be2e
Source: jfr.exe.0.dr	Static PE information: real checksum: 0x15298 should be: 0xa0dc
Source: klist.exe.0.dr	Static PE information: real checksum: 0x143ba should be: 0x91fe
Source: java.exe.0.dr	Static PE information: real checksum: 0x17f81 should be: 0x16242
Source: rmiregistry.exe.0.dr	Static PE information: real checksum: 0x1393c should be: 0x8780

PE file contains sections with non-standard names

Source: jsvml.dll.0.dr	Static PE information: section name: _RDATA
Source: fontmanager.dll.0.dr	Static PE information: section name: _RDATA
Source: vcruntime140.dll.0.dr	Static PE information: section name: _RDATA
Source: javaaccessbridge.dll.0.dr	Static PE information: section name: _RDATA

Drops PE files

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jabswitch.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\net.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\sspi_bridge.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\lcms.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\j2gss.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jrunscript.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\j2pkcs11.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jli.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\management_ext.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\ktab.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\keytool.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\WinFallbackLookup.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jimage.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jdwp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\klist.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\windowsaccessbridge-64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jaas.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\mlib_image.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaaccessbridge.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\management.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\management_agent.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\j2pcsc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javajpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\kinit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jaccesswalker.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\prefs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jfr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\rmiregistry.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jsound.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jaccessinspector.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\verify.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\sunmscapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\w2k_lsa_auth.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\freetype.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\fontmanager.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\rmi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\zip.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jawt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jsvml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\server\jvm.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\instrument.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\nio.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\awt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\splashscreen.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\dt_socket.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\readme.txt			Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\conf\security\policy\README.txt			Jump to behavior

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jabswitch.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\net.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\sspi_bridge.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\lcms.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jrunscript.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\j2gss.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\j2pkcs11.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\management_ext.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\ktab.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\keytool.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\WinFallbackLookup.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jimage.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jdwp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\klist.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\windowsaccessbridge-64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jaas.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaaccessbridge.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\mlib_image.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\management.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\management_agent.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\j2pcsc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javajpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jaccesswalker.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\kinit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\prefs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jfr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\rmiregistry.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jaccessinspector.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jsound.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\verify.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\sunmscapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\w2k_lsa_auth.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\freetype.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\fontmanager.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\rmi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\zip.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jawt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\jsvml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\server\jvm.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\instrument.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\nio.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\awt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\splashscreen.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\dt_socket.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs	Jump to behavior

Source: javaw.exe, 00000002.00000002.3287463619.0000012E479F0000.00000002.00000001.00040000.00000019.sdmp, classlist.0.dr	Binary or memory string: java/lang/VirtualMachineError
Source: javaw.exe, 00000002.00000002.3287463619.0000012E479F0000.00000002.00000001.00040000.00000019.sdmp	Binary or memory string: VirtualMachineError
Source: javaw.exe, 00000002.00000002.3287109941.0000012E4612D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe

Memory protected: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Process created: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe "C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe" -Dbootstrapper.version=11.0.0.0000-0617 -classpath SUMLauncher.jar com.softwareag.plm.sum.client.launcher.installer.Main	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar3441555891569706586.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar10818828613249938793.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar17401203860513035475.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar13494803152977832873.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar12061198024144877217.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar679868451359564232.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar1160597909741069849.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9524271340662204174.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar8642198764105678578.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4678659186746217219.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4430410592668505130.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4588889823313094399.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9879207687526437611.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar9521514706033490886.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar7729600830500743558.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar11338522504124708664.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar17841775868638982939.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Process created: C:\Windows\System32\cmd.exe CMD /C C:\Users\user\AppData\Local\Temp\envvar4667907513633472375.bat	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\server\jvm.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\java.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\lib\modules VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\6544 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\logs\launcher_gui260424_14-40-28.log.lck VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ZFI_3536\jre\bin\javaw.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

ID:	1432124
Product:	CloudBasic
Start time:	14:39:21
Start date:	26.04.2024
Sample:	SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	fcf252f884324dab8d0831f3edde05bf
SHA1:	b9a566b4a184ed0435e026a9724774245204eccd
SHA256:	d92ffd29ee3f93e059c8efda75e4886be9c48f0eb0335cb21ebc563e95d85df1
Filetype:	Win32 Executable (generic) a (10002005/4) 99.94%

Windows Analysis Report
SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
SoftwareAGUpdateManagerInstaller20231121-11-Windows.exe