Source: java.exe, 00000002.00000002.568546871.000000000A5C5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.567221416.000000000A797000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://bugreport.sun.com/bugreport/ |
Source: javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0 |
Source: javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.chambersign.org/chambersroot.crl |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0 |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.0000000005638000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.securetrust.com/STCA.crl |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.securetrust.com/STCA.crl0 |
Source: java.exe, 00000002.00000002.573889478.0000000015D0D000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.317230891.0000000015D0E000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.316669999.0000000015CEA000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.315966186.0000000015CCD000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.395155985.0000000015D06000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.u |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0 |
Source: java.exe, 00000002.00000002.568546871.000000000A5D5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.567221416.000000000A7A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://java.oracle.com/ |
Source: java.exe, java.exe, 00000002.00000002.573635192.0000000015C32000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.568546871.000000000A77B000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.396032507.000000001566E000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.573350505.00000000156B1000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.315886300.00000000156D5000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.396582802.00000000156AA000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.315708884.0000000015652000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.315477724.0000000015607000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, javaw.exe, 0000000A.00000003.393245827.0000000015874000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.570339410.000000001587B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.567221416.000000000A843000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.393054543.000000001585C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://null.oracle.com/ |
Source: javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://policy.camerfirma.com |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://policy.camerfirma.com0 |
Source: javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://repository.swisssign.com/ |
Source: java.exe, 00000002.00000002.568546871.000000000A8DB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://repository.swisssign.com/0 |
Source: java.exe, 00000002.00000002.565299658.0000000005483000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://repository.swisssign.com/3 |
Source: javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl |
Source: java.exe, 00000002.00000002.568546871.000000000A8DB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0 |
Source: java.exe, 00000002.00000002.565299658.0000000005483000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crls |
Source: javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.certplus.com/CRL/class2.crl |
Source: java.exe, 00000002.00000002.568546871.000000000A8DB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.certplus.com/CRL/class2.crl0 |
Source: javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.certplus.com/CRL/class3P.crl |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0 |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.chambersign.org |
Source: java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.chambersign.org1 |
Source: javaw.exe, 0000000A.00000002.565143131.000000000548B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.000000000549D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.geoplugin.net/json.gp |
Source: javaw.exe, 0000000A.00000002.565143131.000000000548B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.000000000549D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.geoplugin.net/json.gp? |
Source: javaw.exe, 0000000A.00000002.565143131.000000000549D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.geoplugin.net/json.gp?ip= |
Source: javaw.exe, 0000000A.00000002.565143131.000000000549D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.geoplugin.net/json.gp?ip=) |
Source: java.exe, 00000002.00000002.568546871.000000000A8DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.quovadis.bm |
Source: java.exe, 00000002.00000002.568546871.000000000A8DB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.quovadis.bm0 |
Source: javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.quovadisglobal.com/cps |
Source: java.exe, 00000002.00000002.568546871.000000000A8DB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.quovadisglobal.com/cps0 |
Source: java.exe, 00000002.00000002.565299658.0000000005218000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.0000000005433000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000054B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://adrenalinecyber.com |
Source: java.exe, 00000002.00000002.565299658.0000000005218000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.568546871.000000000A928000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000054B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://adrenalinecyber.com/login/ |
Source: java.exe, 00000002.00000002.565299658.0000000005218000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000054B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://adrenalinecyber.com/login//api.php |
Source: java.exe, 00000002.00000002.565299658.0000000005218000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000054B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://adrenalinecyber.com/login//api.php? |
Source: javaw.exe, 0000000A.00000002.565143131.0000000005433000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://adrenalinecyber.com/login//api.php?action=getIpAddress |
Source: java.exe, 00000002.00000002.565299658.0000000005218000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000054B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://adrenalinecyber.com/login//api.php?action=get_anytask&ip=& |
Source: javaw.exe, 0000000A.00000002.565143131.00000000054B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://adrenalinecyber.com/login//api.php?action=get_anytask&ip=&computer_name=305090&user_name=jon |
Source: javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ocsp.quovadisoffshore.com |
Source: java.exe, 00000002.00000002.568546871.000000000A8DB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.568546871.000000000A81A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000056CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ocsp.quovadisoffshore.com0 |
Source: java.exe, 00000002.00000002.565299658.00000000052A7000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000054CF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.paradisodomenico.it |
Source: java.exe, 00000002.00000002.568546871.000000000A928000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.565299658.00000000052A7000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000054CF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.paradisodomenico.it/wp-content/ |
Source: java.exe, 00000002.00000002.565299658.00000000052A7000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000054CF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.paradisodomenico.it/wp-content//api.php |
Source: java.exe, 00000002.00000002.565299658.00000000052A7000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000054CF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.paradisodomenico.it/wp-content//api.php? |
Source: java.exe, 00000002.00000002.565299658.00000000052A7000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.565143131.00000000054CF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.paradisodomenico.it/wp-content//api.php?action=get_anytask&ip=& |
Source: javaw.exe, 0000000A.00000002.565143131.00000000054CF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.paradisodomenico.it/wp-content//api.php?action=get_anytask&ip=&computer_name=305090&user |
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\auz.jar"" >> C:\cmdlinestart.log 2>&1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\auz.jar" | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M | |
Source: C:\Windows\SysWOW64\icacls.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist | |
Source: C:\Windows\SysWOW64\tasklist.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60 | |
Source: unknown | Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist | |
Source: C:\Windows\SysWOW64\tasklist.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\reg.exe reg query "HKU\S-1-5-19" | |
Source: C:\Windows\SysWOW64\reg.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60 | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe | Process created: C:\Windows\SysWOW64\reg.exe reg query "HKU\S-1-5-19" | |
Source: C:\Windows\SysWOW64\reg.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\auz.jar" | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60 | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\reg.exe reg query "HKU\S-1-5-19" | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60 | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60 | |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe | Process created: C:\Windows\SysWOW64\reg.exe reg query "HKU\S-1-5-19" | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60 | |