Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\UAE Contract Supply.jar'' >> C:\cmdlinestart.log 2>&1 |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\UAE Contract Supply.jar' |
Source: unknown | Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Users\user\mx8043.exe C:\Users\user\mx8043.exe |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\UAE Contract Supply.jar' |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Users\user\mx8043.exe C:\Users\user\mx8043.exe |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\mx8043.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\mx8043.exe | RDTSC instruction interceptor: First address: 00000000021956EB second address: 00000000021956EB instructions: |
Source: C:\Users\user\mx8043.exe | RDTSC instruction interceptor: First address: 00000000021953F5 second address: 00000000021953F5 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007FE2F4D10D8Ch 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d cmp ax, cx 0x00000020 cmp ch, ah 0x00000022 add edi, edx 0x00000024 dec dword ptr [ebp+000000F8h] 0x0000002a cmp dword ptr [ebp+000000F8h], 00000000h 0x00000031 jne 00007FE2F4D10D41h 0x00000033 cmp edi, 62D4476Ah 0x00000039 call 00007FE2F4D10DAEh 0x0000003e call 00007FE2F4D10D9Ch 0x00000043 lfence 0x00000046 mov edx, dword ptr [7FFE0014h] 0x0000004c lfence 0x0000004f ret 0x00000050 mov esi, edx 0x00000052 pushad 0x00000053 rdtsc |
Source: mx8043.exe, 00000005.00000002.490396907.0000000002190000.00000040.00000001.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe8 |
Source: java.exe, 00000002.00000002.251220154.0000000015340000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: java.exe, 00000002.00000002.246340230.0000000002970000.00000004.00000001.sdmp | Binary or memory string: ,java/lang/VirtualMachineError |
Source: java.exe, 00000002.00000002.246340230.0000000002970000.00000004.00000001.sdmp | Binary or memory string: |[Ljava/lang/VirtualMachineError; |
Source: java.exe, 00000002.00000002.251220154.0000000015340000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: java.exe, 00000002.00000002.251220154.0000000015340000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: mx8043.exe | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: java.exe, 00000002.00000002.251220154.0000000015340000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\mx8043.exe | Code function: 5_2_02195A2E mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\mx8043.exe | Code function: 5_2_02195A4C mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\mx8043.exe | Code function: 5_2_02191FF6 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\mx8043.exe | Code function: 5_2_02192054 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\mx8043.exe | Code function: 5_2_0219186D mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\mx8043.exe | Code function: 5_2_02194CD7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\mx8043.exe | Code function: 5_2_02195106 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\mx8043.exe | Code function: 5_2_02192D66 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\mx8043.exe | Code function: 5_2_02191DB8 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\mx8043.exe | Code function: 5_2_02191DB6 mov eax, dword ptr fs:[00000030h] |
Source: mx8043.exe, 00000005.00000002.489393009.0000000000C70000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: mx8043.exe, 00000005.00000002.489393009.0000000000C70000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: mx8043.exe, 00000005.00000002.489393009.0000000000C70000.00000002.00000001.sdmp | Binary or memory string: SProgram Managerl |
Source: mx8043.exe, 00000005.00000002.489393009.0000000000C70000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd, |
Source: mx8043.exe, 00000005.00000002.489393009.0000000000C70000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |