Source: java.exe, 00000008.00000002.240115149.0000000005254000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.478504835.000000000A598000.00000004.00000001.sdmp |
String found in binary or memory: http://bugreport.sun.com/bugreport/ |
Source: javaw.exe, 00000007.00000002.231546296.000000000A723000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt |
Source: javaw.exe, 00000007.00000002.231505878.000000000A717000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt0 |
Source: javaw.exe, 00000007.00000002.230443511.00000000052E4000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt3 |
Source: javaw.exe, 00000007.00000002.230154394.0000000005268000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt9 |
Source: javaw.exe, 00000007.00000002.230154394.0000000005268000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt90 |
Source: javaw.exe, 00000007.00000002.230179968.0000000005274000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crtS |
Source: javaw.exe, 00000007.00000002.230443511.00000000052E4000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crts |
Source: javaw.exe, 00000007.00000002.231505878.000000000A717000.00000004.00000001.sdmp, javaw.exe, 00000007.00000002.230572094.000000000534F000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt |
Source: javaw.exe, 00000007.00000002.230503075.0000000005309000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt0 |
Source: java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0 |
Source: java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.chambersign.org/chambersroot.crl |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0 |
Source: java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.chambersign.org/chambersroot.crlK% |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240908433.000000000A926000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240908433.000000000A926000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.securetrust.com/STCA.crl |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.securetrust.com/STCA.crl0 |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240908433.000000000A926000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0 |
Source: javaw.exe, 00000007.00000002.231546296.000000000A723000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl |
Source: javaw.exe, 00000007.00000002.231505878.000000000A717000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: javaw.exe, 00000007.00000002.230443511.00000000052E4000.00000004.00000001.sdmp, javaw.exe, 00000007.00000002.231546296.000000000A723000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/sha2-ha-server-g6.crl |
Source: javaw.exe, 00000007.00000002.230211483.0000000005287000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/sha2-ha-server-g6.crl# |
Source: javaw.exe, 00000007.00000002.231505878.000000000A717000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/sha2-ha-server-g6.crl04 |
Source: javaw.exe, 00000007.00000002.230154394.0000000005268000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/sha2-ha-server-g6.crl90 |
Source: javaw.exe, 00000007.00000002.231223812.000000000A64E000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/ssca-sha2-g6.crl |
Source: javaw.exe, 00000007.00000002.231223812.000000000A64E000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/ssca-sha2-g6.crl0/ |
Source: javaw.exe, 00000007.00000002.231546296.000000000A723000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl |
Source: javaw.exe, 00000007.00000002.231505878.000000000A717000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: javaw.exe, 00000007.00000002.231546296.000000000A723000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl |
Source: javaw.exe, 00000007.00000002.231505878.000000000A717000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0= |
Source: javaw.exe, 00000007.00000002.230443511.00000000052E4000.00000004.00000001.sdmp, javaw.exe, 00000007.00000002.230211483.0000000005287000.00000004.00000001.sdmp, javaw.exe, 00000007.00000002.231546296.000000000A723000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/sha2-ha-server-g6.crl |
Source: javaw.exe, 00000007.00000002.231505878.000000000A717000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/sha2-ha-server-g6.crl0L |
Source: javaw.exe, 00000007.00000002.230154394.0000000005268000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/sha2-ha-server-g6.crl9 |
Source: javaw.exe, 00000007.00000002.230443511.00000000052E4000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/sha2-ha-server-g6.crlfferent |
Source: javaw.exe, 00000007.00000002.231223812.000000000A64E000.00000004.00000001.sdmp, javaw.exe, 00000007.00000002.230572094.000000000534F000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/ssca-sha2-g6.crl |
Source: javaw.exe, 00000007.00000002.230503075.0000000005309000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/ssca-sha2-g6.crl0L |
Source: java.exe, 00000003.00000002.199757814.0000000004B32000.00000004.00000001.sdmp, java.exe, 00000003.00000002.199851526.0000000009BD5000.00000004.00000001.sdmp, javaw.exe, 00000007.00000002.230632591.000000000A3A2000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240115149.0000000005254000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.478598950.000000000A5A1000.00000004.00000001.sdmp |
String found in binary or memory: http://java.oracle.com/ |
Source: java.exe, 0000000B.00000002.472694359.00000000051AA000.00000004.00000001.sdmp |
String found in binary or memory: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5 |
Source: java.exe |
String found in binary or memory: http://null.oracle.com/ |
Source: javaw.exe, 00000007.00000002.231546296.000000000A723000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com |
Source: javaw.exe, 00000007.00000002.231505878.000000000A717000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: javaw.exe, 00000007.00000002.231505878.000000000A717000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0F |
Source: javaw.exe, 00000007.00000002.231505878.000000000A717000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0K |
Source: javaw.exe, 00000007.00000002.231505878.000000000A717000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0M |
Source: javaw.exe, 00000007.00000002.230154394.0000000005268000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com90 |
Source: javaw.exe, 00000007.00000002.230179968.0000000005274000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.comS |
Source: javaw.exe, 00000007.00000002.230443511.00000000052E4000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.coms |
Source: wscript.exe, 00000006.00000003.204854343.000000000548C000.00000004.00000001.sdmp |
String found in binary or memory: http://ops.com.pa/jre7.zip |
Source: wscript.exe, 00000006.00000003.207608361.00000000061F0000.00000004.00000001.sdmp |
String found in binary or memory: http://ops.com.pa/jre7.zipnf |
Source: java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://policy.camerfirma.com |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://policy.camerfirma.com0 |
Source: java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://repository.swisssign.com/ |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://repository.swisssign.com/0 |
Source: java.exe, 0000000B.00000002.475250989.00000000053CA000.00000004.00000001.sdmp |
String found in binary or memory: http://str-master.pw |
Source: java.exe, 0000000B.00000002.475200533.00000000053C1000.00000004.00000001.sdmp |
String found in binary or memory: http://str-master.pw/strigoi/server/ping.php |
Source: java.exe, 0000000B.00000002.475250989.00000000053CA000.00000004.00000001.sdmp |
String found in binary or memory: http://str-master.pw/strigoi/server/ping.php? |
Source: java.exe, 0000000B.00000002.475200533.00000000053C1000.00000004.00000001.sdmp |
String found in binary or memory: http://str-master.pw/strigoi/server/ping.php?lid= |
Source: java.exe, 0000000B.00000002.475250989.00000000053CA000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.475200533.00000000053C1000.00000004.00000001.sdmp |
String found in binary or memory: http://str-master.pw/strigoi/server/ping.php?lid=RUGR-ATSN-D14P-VBXX-49LW |
Source: java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0 |
Source: javaw.exe, 00000007.00000002.230591347.000000000A36E000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240669616.000000000A76C000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.478558218.000000000A59F000.00000004.00000001.sdmp |
String found in binary or memory: http://www.allatori.com |
Source: javaw.exe, 00000007.00000002.231305715.000000000A6CC000.00000004.00000001.sdmp |
String found in binary or memory: http://www.apache.org/licenses/ |
Source: java.exe |
String found in binary or memory: http://www.apache.org/licenses/LICEN |
Source: java.exe, 00000008.00000003.236877886.00000000157D7000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.485142565.00000000156D4000.00000004.00000001.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.txt |
Source: java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://www.certplus.com/CRL/class2.crl |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://www.certplus.com/CRL/class2.crl0 |
Source: java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://www.certplus.com/CRL/class3P.crl |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0 |
Source: javaw.exe, 00000007.00000002.231305715.000000000A6CC000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240908433.000000000A926000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://www.chambersign.org |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://www.chambersign.org1 |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240908433.000000000A926000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://www.quovadis.bm |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://www.quovadis.bm0 |
Source: java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://www.quovadisglobal.com/cps |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: http://www.quovadisglobal.com/cps0 |
Source: javaw.exe, 00000007.00000002.230443511.00000000052E4000.00000004.00000001.sdmp, javaw.exe, 00000007.00000002.231305715.000000000A6CC000.00000004.00000001.sdmp, javaw.exe, 00000007.00000002.231546296.000000000A723000.00000004.00000001.sdmp |
String found in binary or memory: https://api.github.com/_private/browser/errors |
Source: javaw.exe, 00000007.00000002.231305715.000000000A6CC000.00000004.00000001.sdmp, javaw.exe, 00000007.00000002.231546296.000000000A723000.00000004.00000001.sdmp, javaw.exe, 00000007.00000002.231252298.000000000A675000.00000004.00000001.sdmp |
String found in binary or memory: https://github-releases.githubusercontent.com/51361554/623ef000-9da4-11e9-9ea2-d90155318994?X-Amz-Al |
Source: javaw.exe, 00000007.00000002.230576050.000000000A350000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240655876.000000000A750000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.477826365.000000000A550000.00000004.00000001.sdmp |
String found in binary or memory: https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar |
Source: java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: https://ocsp.quovadisoffshore.com |
Source: javaw.exe, 00000007.00000002.231004788.000000000A525000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240603827.00000000056CD000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.479989081.000000000A72A000.00000004.00000001.sdmp |
String found in binary or memory: https://ocsp.quovadisoffshore.com0 |
Source: javaw.exe, 00000007.00000002.230576050.000000000A350000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240655876.000000000A750000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.477826365.000000000A550000.00000004.00000001.sdmp |
String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar |
Source: javaw.exe, 00000007.00000002.230591347.000000000A36E000.00000004.00000001.sdmp, javaw.exe, 00000007.00000002.230576050.000000000A350000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240655876.000000000A750000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.477826365.000000000A550000.00000004.00000001.sdmp |
String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar |
Source: javaw.exe, 00000007.00000002.224848171.0000000004EF8000.00000004.00000001.sdmp, javaw.exe, 00000007.00000002.230576050.000000000A350000.00000004.00000001.sdmp, java.exe, 00000008.00000002.240655876.000000000A750000.00000004.00000001.sdmp, java.exe, 0000000B.00000002.477826365.000000000A550000.00000004.00000001.sdmp |
String found in binary or memory: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar |
Source: javaw.exe, 00000007.00000002.231546296.000000000A723000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPS |
Source: javaw.exe, 00000007.00000002.231505878.000000000A717000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: javaw.exe, 00000007.00000002.230154394.0000000005268000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPS9 |
Source: javaw.exe, 00000007.00000002.230179968.0000000005274000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPSS |
Source: javaw.exe, 00000007.00000002.230443511.00000000052E4000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPSs |
Source: unknown |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Covid19_Vacine_Investment_Proposals_1st_Quarter2021 pdf.jar'' >> C:\cmdlinestart.log 2>&1 |
|
Source: unknown |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Covid19_Vacine_Investment_Proposals_1st_Quarter2021 pdf.jar' |
|
Source: unknown |
Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M |
|
Source: unknown |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\SysWOW64\wscript.exe wscript C:\Users\user\fukvowbkrs.js |
|
Source: unknown |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe' -jar 'C:\Users\user\AppData\Roaming\pruoglcim.txt' |
|
Source: unknown |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -jar 'C:\Users\user\pruoglcim.txt' |
|
Source: unknown |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr 'C:\Users\user\AppData\Roaming\pruoglcim.txt' |
|
Source: unknown |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -jar 'C:\Users\user\AppData\Roaming\pruoglcim.txt' |
|
Source: unknown |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 30 /tn Skype /tr 'C:\Users\user\AppData\Roaming\pruoglcim.txt' |
|
Source: unknown |
Process created: C:\Windows\System32\notepad.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\user\AppData\Roaming\pruoglcim.txt |
|
Source: unknown |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -jar 'C:\Users\user\AppData\Roaming\plugins.jar' mp |
|
Source: unknown |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\System32\notepad.exe 'C:\Windows\system32\NOTEPAD.EXE' C:\Users\user\AppData\Roaming\pruoglcim.txt |
|
Source: unknown |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe' -jar 'C:\Users\user\AppData\Roaming\plugins.jar' mp |
|
Source: unknown |
Process created: C:\Windows\System32\notepad.exe 'C:\Windows\system32\NOTEPAD.EXE' C:\Users\user\AppData\Roaming\pruoglcim.txt |
|
Source: unknown |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe' -jar 'C:\Users\user\AppData\Roaming\plugins.jar' mp |
|
Source: unknown |
Process created: C:\Windows\System32\notepad.exe 'C:\Windows\system32\NOTEPAD.EXE' C:\Users\user\AppData\Roaming\pruoglcim.txt |
|
Source: unknown |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe' -jar 'C:\Users\user\AppData\Roaming\plugins.jar' mp |
|
Source: unknown |
Process created: C:\Windows\System32\notepad.exe 'C:\Windows\system32\NOTEPAD.EXE' C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pruoglcim.txt |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Covid19_Vacine_Investment_Proposals_1st_Quarter2021 pdf.jar' |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Process created: C:\Windows\SysWOW64\wscript.exe wscript C:\Users\user\fukvowbkrs.js |
Source: C:\Windows\SysWOW64\wscript.exe |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe' -jar 'C:\Users\user\AppData\Roaming\pruoglcim.txt' |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -jar 'C:\Users\user\pruoglcim.txt' |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr 'C:\Users\user\AppData\Roaming\pruoglcim.txt' |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -jar 'C:\Users\user\AppData\Roaming\pruoglcim.txt' |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 30 /tn Skype /tr 'C:\Users\user\AppData\Roaming\pruoglcim.txt' |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -jar 'C:\Users\user\AppData\Roaming\plugins.jar' mp |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 3_2_025AB377 push 00000000h; mov dword ptr [esp], esp |
3_2_025AB39D |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 3_2_025ABB27 push 00000000h; mov dword ptr [esp], esp |
3_2_025ABB4D |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 3_2_025AB907 push 00000000h; mov dword ptr [esp], esp |
3_2_025AB92D |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 3_2_025AA1DB push ecx; ret |
3_2_025AA1E5 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 3_2_025AA1CA push ecx; ret |
3_2_025AA1DA |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 3_2_025AC437 push 00000000h; mov dword ptr [esp], esp |
3_2_025AC45D |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 3_2_025B2D44 push eax; retf |
3_2_025B2D45 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 3_2_02649791 push cs; retf |
3_2_026497B1 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Code function: 7_3_15A4CB43 push eax; iretd |
7_3_15A4CB59 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Code function: 7_3_15A0CF34 pushad ; iretd |
7_3_15A0CF3D |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Code function: 7_3_15A0CB12 push eax; retf |
7_3_15A0CB2D |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Code function: 7_3_15A0CB44 push eax; retf |
7_3_15A0CB45 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Code function: 7_3_15A0CF4B pushad ; iretd |
7_3_15A0CF55 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Code function: 7_3_15A0CF34 pushad ; iretd |
7_3_15A0CF3D |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Code function: 7_3_15A0CB12 push eax; retf |
7_3_15A0CB2D |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Code function: 7_3_15A0CB44 push eax; retf |
7_3_15A0CB45 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Code function: 7_3_15A0CF4B pushad ; iretd |
7_3_15A0CF55 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 8_3_15DEA8D8 pushad ; ret |
8_3_15DEA92D |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 8_3_15DE3948 pushad ; iretd |
8_3_15DE3CB1 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 8_3_15DEAC73 push eax; retf |
8_3_15DEAC79 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 8_3_15DEA8D8 pushad ; ret |
8_3_15DEA92D |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 8_3_15DE3948 pushad ; iretd |
8_3_15DE3CB1 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 8_3_15DEAC73 push eax; retf |
8_3_15DEAC79 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 8_3_157CC3EF push esp; ret |
8_3_157CC3F1 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 8_3_157CCEAA push dword ptr [edi]; retf |
8_3_157CCEB1 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 11_3_156DA9BD push ds; retf |
11_3_156DA9BE |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 17_3_152476C5 push ds; retf |
17_3_152476C6 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Code function: 17_3_158E0C90 push cs; retf 0071h |
17_3_158E0C92 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Code function: 23_2_02B9BB27 push 00000000h; mov dword ptr [esp], esp |
23_2_02B9BB4D |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Code function: 23_2_02B9B377 push 00000000h; mov dword ptr [esp], esp |
23_2_02B9B39D |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Code function: 23_2_02B9A1DB push ecx; ret |
23_2_02B9A1E5 |