MalScore: 100/100

Document_CA_18864.jar

Indicator flags: Is DLL, Packer, Anti Debug, Anti VM, Signed, XOR; AntiVirus: 17/57
File details
File type: Java archive data (JAR)
File size: 888.90 KB (910234 bytes)
MD5: 2dbe9c4d734435edd2568cc241266cd6
SHA1: 3a15fa76ba9d7e4b7ae7a5d6500a08ab3d6e19dd
SHA256: aebee15437f2df5ffba0db5555f48828f129e953f3f4316c9375c2a9129aca17
First submission: 2019-04-16 10:36:11
Last submission: 2019-04-16 10:36:11
Filename detected: Document_CA_18864.jar (1)
URL file hosting: hXXp://htlvn.com/admin/includes/plugins/fckeditor/Document_CA_18864.jar (source: VirusTotal)
Antivirus Report
Report date: 2019-03-27 02:09:32
Detection ratio: 17/57
Permalink: VirusTotal
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
No file name detected
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name: Seven02_64
Machine label: Seven02_64
Machine manager: VirtualBox
Started: 2019-04-19 13:26:04
Ended: 2019-04-19 13:29:09
Duration: 185 s

7 Behaviors detected by system signatures

8 Summary items with data

Files

C:\Users\Seven01\AppData\Local\Temp\Document_CA_18864.jar
C:\Program Files (x86)\Java\jre1.8.0_74\bin\java.dll
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Program Files (x86)\Java\jre1.8.0_74\lib\i386\jvm.cfg
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client\jvm.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\msvcr100.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\WSOCK32.dll
C:\Windows\System32\wsock32.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\WINMM.dll
C:\Windows\System32\winmm.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\VERSION.dll
C:\Windows\System32\version.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\verify.dll
C:\Users\Seven01\AppData\Local\Temp\.hotspotrc
C:\Program Files (x86)\Java\jre1.8.0_74\lib\endorsed
C:\
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\*.*
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2620
C:\Program Files (x86)\Java\jre1.8.0_74\bin\zip.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\resources.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\rt.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\sunrsasign.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jsse.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jce.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\charsets.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jfr.jar
C:\Program Files (x86)\Java\jre1.8.0_74\classes
C:\Program Files (x86)\Java\jre1.8.0_74\lib\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client\classes.jsa
C:\Program Files (x86)
C:\Program Files (x86)\Java
C:\Program Files (x86)\Java\jre1.8.0_74
C:\Program Files (x86)\Java\jre1.8.0_74\lib
C:\Users\Seven01\AppData\Local\Temp\.hotspot_compiler
C:\Program Files (x86)\Java\jre1.8.0_74\bin
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext
C:\Windows\Sun\Java\lib\ext\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\*
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\access-bridge-32.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\cldrdata.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\dnsns.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\jaccess.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\jfxrt.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\localedata.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\nashorn.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunec.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunjce_provider.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunmscapi.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunpkcs11.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\zipfs.jar
C:\Windows\Sun\Java\lib\ext
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Program Files (x86)\Java\conf\usagetracker.properties
C:\Program Files (x86)\Java\jre1.8.0_74\lib\management\usagetracker.properties
C:\Users\Seven01\.oracle_jre_usage\48ac84126bcac2cd.timestamp
C:\Program Files (x86)\Java\jre1.8.0_74\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\java.security
C:\Program%20Files%20(x86)\Java\jre1.8.0_74\lib\ext\x86\sunec.dll
C:\Program%20Files%20(x86)\Java\jre1.8.0_74\lib\ext\sunec.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\sunec.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\US_export_policy.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\local_policy.jar
C:\Program Files (x86)\Java\jre1.8.0_74\bin\net.dll
C:\Users\Seven01\AppData\Local\Temp\*
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\blacklisted.certs
C:\Program Files (x86)\Java\jre1.8.0_74\bin\awt.dll
C:\Users\Seven01\.accessibility.properties
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Program Files (x86)\Java\jre1.8.0_74\lib\accessibility.properties
\Device\KsecDD
C:\Program Files (x86)\Java\jre1.8.0_74\lib\swing.properties
C:\etc\release
\DEVICE\NETBT_TCPIP_{C2D43895-0262-4873-A789-C2F96D24B693}
\DEVICE\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}
C:\Program Files (x86)\Java\jre1.8.0_74\bin\nio.dll
C:\Users\Seven01\AppData\Local\Temp\asdqw79240279909387800110COTND.jar
\Device\NamedPipe\
C:\Users\Seven01\AppData\Local\Temp\asdqw51587575849316379271UKQ.jar
\Device\NamedPipe
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2400
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2172
C:\Program Files (x86)\Java\jre1.8.0_74\bin\*
C:\Program Files (x86)\Java\jre1.8.0_74\bin\bci.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client
C:\Program Files (x86)\Java\jre1.8.0_74\bin\dcpr.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\decora_sse.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\deploy.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin
C:\Program Files (x86)\Java\jre1.8.0_74\bin\dt_shmem.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\dt_socket.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\eula.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\fontmanager.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\fxplugins.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\glass.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\glib-lite.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\gstreamer-lite.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\hprof.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\instrument.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\j2pcsc.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\j2pkcs11.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jaas_nt.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jabswitch.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\java-rmi.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\java.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\JavaAccessBridge-32.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\javacpl.cpl
C:\Program Files (x86)\Java\jre1.8.0_74\bin\javacpl.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\javafx_font.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\javafx_font_t2k.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\javafx_iio.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\javaw.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\javaws.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\java_crw_demo.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jawt.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\JAWTAccessBridge-32.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jdwp.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jfr.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jfxmedia.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jfxwebkit.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jjs.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jli.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2iexp.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2native.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jpeg.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jsdt.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jsound.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\jsoundds.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\kcms.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\keytool.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\kinit.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\klist.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\ktab.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\lcms.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\management.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\mlib_image.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\msvcp120.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\msvcr120.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\npt.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\orbd.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\pack200.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2
C:\Program Files (x86)\Java\jre1.8.0_74\bin\policytool.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\prism_common.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\prism_d3d.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\prism_sw.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\resource.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\rmid.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\rmiregistry.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\servertool.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\splashscreen.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssvagent.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\sunmscapi.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\t2k.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\tnameserv.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\unpack.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\unpack200.exe
C:\Program Files (x86)\Java\jre1.8.0_74\bin\w2k_lsa_auth.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\WindowsAccessBridge-32.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\wsdetect.dll
C:\Users\Seven01\.-8669121482867832769.jar
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\1080
C:\Users\Seven01\7gjn81r2gmtu1\31pegait49eoan4b9pi6l1bjec
C:\Users\Seven01\7gjn81r2gmtu1
C:\Users\Seven01\7gjn81r2gmtu1\31pegait49eoan4b9pi6l1bjec\m2lijvnfcldpu31tcusooa5mc8kdfhlpdntj1gjt11476htp05j
C:\Users\Seven01\7gjn81r2gmtu1\qa3rcpprl2e937d2j76k7kck48t5dk4gdt8tbuuvvpoo0siraui
C:\Users\Seven01\AppData\Local\Temp\slave.config.json
C:\Users\Seven01\7gjn81r2gmtu1\2c9eds5q243aaduv5tte48e1kg\a3cmc8t4k721sjk683j3l9req
C:\Users\Seven01\7gjn81r2gmtu1\2c9eds5q243aaduv5tte48e1kg
C:\Users\Seven01\7gjn81r2gmtu1\2c9eds5q243aaduv5tte48e1kg\a3cmc8t4k721sjk683j3l9req\ec1qdl62h21eormo1q707q6p7
C:\Users\Seven01\7gjn81r2gmtu1\84crpqhb8bagc6ubruaar8u2qvhe3p5pmb68686ir8c035leog2
C:\Program Files (x86)\Java\jre1.8.0_74\lib\net.properties
C:\Windows\Globalization\Sorting\sortdefault.nls

Read Files

C:\Users\Seven01\AppData\Local\Temp\Document_CA_18864.jar
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Program Files (x86)\Java\jre1.8.0_74\lib\i386\jvm.cfg
C:\Program Files (x86)\Java\jre1.8.0_74\bin\msvcr100.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client\jvm.dll
C:\Windows\System32\wsock32.dll
C:\Windows\System32\winmm.dll
C:\Windows\System32\version.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\verify.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\java.dll
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2620
C:\Program Files (x86)\Java\jre1.8.0_74\bin\zip.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client\classes.jsa
C:\Program Files (x86)\Java\jre1.8.0_74\lib\rt.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jce.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\java.security
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jsse.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunec.jar
C:\Program Files (x86)\Java\jre1.8.0_74\bin\sunec.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunjce_provider.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\US_export_policy.jar
C:\Program Files (x86)\Java\jre1.8.0_74\bin\net.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\local_policy.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\blacklisted.certs
C:\Program Files (x86)\Java\jre1.8.0_74\bin\awt.dll
C:\Users\Seven01\.accessibility.properties
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Program Files (x86)\Java\jre1.8.0_74\lib\accessibility.properties
\Device\KsecDD
C:\etc\release
\DEVICE\NETBT_TCPIP_{C2D43895-0262-4873-A789-C2F96D24B693}
\DEVICE\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}
C:\Program Files (x86)\Java\jre1.8.0_74\bin\nio.dll
C:\Users\Seven01\AppData\Local\Temp\asdqw79240279909387800110COTND.jar
\Device\NamedPipe\
C:\Users\Seven01\AppData\Local\Temp\asdqw51587575849316379271UKQ.jar
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2400
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2172
C:\Users\Seven01\.-8669121482867832769.jar
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\1080
C:\Users\Seven01\7gjn81r2gmtu1\31pegait49eoan4b9pi6l1bjec\m2lijvnfcldpu31tcusooa5mc8kdfhlpdntj1gjt11476htp05j
C:\Users\Seven01\7gjn81r2gmtu1\qa3rcpprl2e937d2j76k7kck48t5dk4gdt8tbuuvvpoo0siraui
C:\Users\Seven01\AppData\Local\Temp\slave.config.json
C:\Users\Seven01\7gjn81r2gmtu1\2c9eds5q243aaduv5tte48e1kg\a3cmc8t4k721sjk683j3l9req\ec1qdl62h21eormo1q707q6p7
C:\Users\Seven01\7gjn81r2gmtu1\84crpqhb8bagc6ubruaar8u2qvhe3p5pmb68686ir8c035leog2
C:\Program Files (x86)\Java\jre1.8.0_74\lib\net.properties
C:\Windows\Globalization\Sorting\sortdefault.nls

Write Files

C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2620
C:\Users\Seven01\.oracle_jre_usage\48ac84126bcac2cd.timestamp
C:\Users\Seven01\AppData\Local\Temp\asdqw79240279909387800110COTND.jar
C:\Users\Seven01\AppData\Local\Temp\asdqw51587575849316379271UKQ.jar
\Device\NamedPipe
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2400
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2172
C:\Users\Seven01\.-8669121482867832769.jar
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\1080
C:\Users\Seven01\7gjn81r2gmtu1\31pegait49eoan4b9pi6l1bjec\m2lijvnfcldpu31tcusooa5mc8kdfhlpdntj1gjt11476htp05j

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\FontSmoothingOrientation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\Shell Icon BPP
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\DllName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{c2d43895-0262-4873-a789-c2f96d24b693}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\EnableDhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableDhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\J153e5c1e202:U536576656e3031_s

Read Keys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota
HKEY_CURRENT_USER\Control Panel\Desktop\FontSmoothingOrientation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\Shell Icon BPP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\DllName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\EnableDhcp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableDhcp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\J153e5c1e202:U536576656e3031_s

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\J153e5c1e202:U536576656e3031_s

Delete Keys

Nothing to display

Mutexes

Resolved APIs

kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
jvm.dll.JNI_CreateJavaVM
jvm.dll.JNI_GetDefaultJavaVMInitArgs
java.dll.JDK_GetVersionInfo0
advapi32.dll.SetSecurityDescriptorControl
zip.dll.ZIP_Open
zip.dll.ZIP_Close
zip.dll.ZIP_FindEntry
zip.dll.ZIP_ReadEntry
zip.dll.ZIP_GetNextEntry
zip.dll.ZIP_CRC32
java.dll.Canonicalize
java.dll._Java_java_lang_Object_registerNatives@8
java.dll._Java_java_lang_System_registerNatives@8
java.dll._Java_java_lang_Thread_registerNatives@8
java.dll._Java_java_security_AccessController_getStackAccessControlContext@8
java.dll._Java_java_security_AccessController_getInheritedAccessControlContext@8
java.dll._Java_java_lang_Class_registerNatives@8
java.dll._Java_java_lang_ClassLoader_registerNatives@8
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2@12
java.dll._Java_java_lang_Class_forName0@24
java.dll._Java_java_lang_Throwable_fillInStackTrace@12
java.dll._Java_sun_reflect_Reflection_getCallerClass__@8
java.dll._Java_java_lang_Class_getPrimitiveClass@12
java.dll._Java_java_lang_Float_floatToRawIntBits@12
java.dll._Java_java_lang_Double_doubleToRawLongBits@16
java.dll._Java_java_lang_Double_longBitsToDouble@16
java.dll._Java_sun_misc_VM_initialize@8
jvm.dll.JVM_GetVersionInfo
java.dll._Java_java_lang_System_initProperties@12
shell32.dll.SHGetKnownFolderPath
java.dll.NewStringPlatform
java.dll._Java_java_lang_Runtime_maxMemory@8
java.dll._Java_java_io_FileInputStream_initIDs@8
java.dll._Java_java_io_FileDescriptor_initIDs@8
java.dll._Java_java_io_FileDescriptor_set@12
java.dll._Java_java_io_FileOutputStream_initIDs@8
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2@12
java.dll._Java_java_lang_String_intern@8
java.dll._Java_java_lang_System_setIn0@12
java.dll._Java_java_lang_Object_getClass@8
java.dll._Java_sun_reflect_Reflection_getClassAccessFlags@12
java.dll._Java_sun_reflect_NativeConstructorAccessorImpl_newInstance0@16
java.dll._Java_java_util_concurrent_atomic_AtomicLong_VMSupportsCS8@8
java.dll._Java_java_lang_System_setOut0@12
java.dll._Java_java_lang_System_setErr0@12
java.dll._Java_java_io_WinNTFileSystem_initIDs@8
kernel32.dll.GetFinalPathNameByHandleW
java.dll._Java_java_lang_System_mapLibraryName@12
java.dll._Java_java_lang_ClassLoader_findBuiltinLib@12
java.dll._Java_java_io_WinNTFileSystem_getBooleanAttributes@12
java.dll._Java_java_io_WinNTFileSystem_canonicalize0@12
java.dll._Java_java_lang_ClassLoader_00024NativeLibrary_load@16
java.dll._Java_sun_misc_Signal_findSignal@12
java.dll._Java_sun_misc_Signal_handle0@20
java.dll._Java_sun_io_Win32ErrorMode_setErrorMode@16
java.dll._Java_java_lang_Compiler_registerNatives@8
java.dll._Java_java_lang_Class_isAssignableFrom@12
java.dll._Java_java_io_FileInputStream_open0@12
java.dll._Java_java_io_FileInputStream_readBytes@20
java.dll._Java_java_io_FileInputStream_available@8
java.dll._Java_java_lang_reflect_Array_newArray@16
java.dll._Java_java_lang_Runtime_availableProcessors@8
java.dll._Java_java_io_FileInputStream_close0@8
java.dll._Java_java_io_WinNTFileSystem_list@12
java.dll._Java_java_io_WinNTFileSystem_canonicalizeWithPrefix0@16
java.dll._Java_sun_misc_URLClassPath_getLookupCacheURLs@12
java.dll._Java_java_lang_ProcessEnvironment_environmentBlock@8
java.dll._Java_java_io_FileOutputStream_open0@16
java.dll._Java_java_io_FileOutputStream_writeBytes@24
java.dll._Java_java_io_FileOutputStream_close0@8
jvm.dll.JVM_FindClassFromBootLoader
java.dll._Java_java_lang_ClassLoader_00024NativeLibrary_find@12
zip.dll._Java_java_util_zip_ZipFile_initIDs@8
java.dll._Java_java_io_WinNTFileSystem_getLastModifiedTime@12
zip.dll._Java_java_util_zip_ZipFile_open@28
zip.dll._Java_java_util_zip_ZipFile_getTotal@16
zip.dll._Java_java_util_zip_ZipFile_startsWithLOC@16
zip.dll._Java_java_util_zip_ZipFile_getEntry@24
zip.dll._Java_java_util_zip_ZipFile_getEntryFlag@16
zip.dll._Java_java_util_zip_ZipFile_getEntryTime@16
zip.dll._Java_java_util_zip_ZipFile_getEntryCrc@16
zip.dll._Java_java_util_zip_ZipFile_getEntrySize@16
zip.dll._Java_java_util_zip_ZipFile_getEntryCSize@16
zip.dll._Java_java_util_zip_ZipFile_getEntryMethod@16
zip.dll._Java_java_util_zip_ZipFile_getEntryBytes@20
zip.dll._Java_java_util_zip_ZipFile_freeEntry@24
zip.dll._Java_java_util_zip_Inflater_initIDs@8
zip.dll._Java_java_util_zip_Inflater_init@12
zip.dll._Java_java_util_zip_Inflater_inflateBytes@28
zip.dll._Java_java_util_zip_ZipFile_read@44
zip.dll._Java_java_util_zip_Inflater_reset@16
zip.dll._Java_java_util_zip_Inflater_end@16
zip.dll._Java_java_util_zip_ZipFile_close@16
java.dll._Java_java_lang_ClassLoader_findLoadedClass0@12
java.dll._Java_java_lang_ClassLoader_findBootstrapClass@12
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2Ljava_security_AccessControlContext_2@16
zip.dll._Java_java_util_jar_JarFile_getMetaInfEntryNames@8
java.dll._Java_java_lang_ClassLoader_defineClass1@32
java.dll._Java_sun_reflect_NativeMethodAccessorImpl_invoke0@20
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2Ljava_security_AccessControlContext_2@16
java.dll._Java_java_lang_Package_getSystemPackage0@12
zip.dll._Java_java_util_zip_ZipFile_getNextEntry@20
net.dll._JNI_OnLoad@8
net.dll._Java_java_net_InetAddress_init@8
net.dll._Java_java_net_InetAddressImplFactory_isIPv6Supported@8
net.dll._Java_java_net_Inet6AddressImpl_getLocalHostName@8
net.dll._Java_java_net_Inet6AddressImpl_lookupAllHostAddr@12
net.dll._Java_java_net_Inet4Address_init@8
net.dll._Java_java_net_Inet6Address_init@8
java.dll._Java_java_lang_Runtime_totalMemory@8
java.dll._Java_java_lang_Runtime_freeMemory@8
java.dll._Java_java_lang_Class_isInstance@12
java.dll._Java_java_lang_System_identityHashCode@12
java.dll._Java_java_lang_SecurityManager_getClassContext@8
zip.dll._Java_java_util_zip_CRC32_update@16
zip.dll._Java_java_util_zip_CRC32_updateBytes@24
java.dll._Java_java_lang_reflect_Array_getLength@12
java.dll._Java_java_io_ObjectStreamClass_initNative@8
java.dll._Java_sun_misc_VM_latestUserDefinedLoader@8
java.dll._Java_java_lang_Float_intBitsToFloat@12
user32.dll.RegisterWindowMessageW
user32.dll.GetKeyboardLayout
user32.dll.GetDoubleClickTime
user32.dll.GetSystemMetrics
user32.dll.RegisterClipboardFormatW
user32.dll.MapVirtualKeyExW
user32.dll.ToAsciiEx
user32.dll.GetKeyboardState
awt.dll._JNI_OnLoad@8
awt.dll._Java_java_awt_Toolkit_initIDs@8
awt.dll._Java_java_awt_Insets_initIDs@8
awt.dll._Java_sun_awt_windows_WToolkit_initIDs@8
awt.dll._Java_sun_java2d_SurfaceData_initIDs@8
awt.dll._Java_java_awt_image_ColorModel_initIDs@8
awt.dll._Java_java_awt_image_IndexColorModel_initIDs@8
awt.dll._Java_sun_java2d_pipe_SpanClipRenderer_initIDs@16
awt.dll._Java_sun_java2d_pipe_Region_initIDs@8
awt.dll._Java_java_awt_Component_initIDs@8
awt.dll._Java_java_awt_AWTEvent_initIDs@8
awt.dll._Java_java_awt_event_InputEvent_initIDs@8
awt.dll._Java_sun_awt_windows_WObjectPeer_initIDs@8
awt.dll._Java_java_awt_Font_initIDs@8
awt.dll._Java_sun_java2d_Disposer_initIDs@8
awt.dll._Java_sun_awt_windows_WToolkit_startToolkitThread@16
awt.dll._Java_sun_awt_windows_WToolkit_init@8
comctl32.dll.InitCommonControlsEx
user32.dll.LoadIconW
user32.dll.RegisterClassW
user32.dll.GetDC
gdi32.dll.GetDeviceCaps
user32.dll.ReleaseDC
user32.dll.CreateWindowExW
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
user32.dll.DefWindowProcW
dwmapi.dll.DwmIsCompositionEnabled
user32.dll.SetWindowsHookExW
ole32.dll.OleInitialize
cryptbase.dll.SystemFunction036
awt.dll._Java_sun_awt_windows_WToolkit_eventLoop@8
awt.dll._Java_sun_awt_windows_WToolkit_setDynamicLayoutNative@12
user32.dll.WaitMessage
awt.dll._Java_sun_awt_windows_WToolkit_setExtraMouseButtonsEnabledNative@12
awt.dll._Java_sun_awt_windows_WDesktopProperties_initIDs@8
awt.dll._Java_sun_awt_windows_WDesktopProperties_init@8
awt.dll._Java_sun_awt_windows_WDesktopProperties_getWindowsParameters@8
user32.dll.SystemParametersInfoW
user32.dll.GetSysColor
awt.dll._Java_java_awt_Color_initIDs@8
shell32.dll.SHGetSettings
advapi32.dll.OpenThreadToken
gdi32.dll.CreateDCW
gdi32.dll.GetStockObject
gdi32.dll.SelectObject
gdi32.dll.GetTextFaceW
gdi32.dll.GetTextMetricsW
gdi32.dll.DeleteDC
awt.dll._Java_java_awt_Dimension_initIDs@8
awt.dll._Java_sun_java2d_windows_WindowsFlags_initNativeFlags@8
awt.dll._Java_sun_awt_Win32GraphicsEnvironment_initDisplay@8
user32.dll.SetProcessDPIAware
user32.dll.EnumDisplayMonitors
user32.dll.GetMonitorInfoW
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.GetDIBits
gdi32.dll.DeleteObject
awt.dll._Java_java_awt_KeyboardFocusManager_initIDs@8
awt.dll._Java_java_awt_Container_initIDs@8
awt.dll._Java_sun_awt_windows_WToolkit_loadSystemColors@12
awt.dll._Java_sun_awt_windows_ThemeReader_isThemed@8
uxtheme.dll.OpenThemeData
uxtheme.dll.DrawThemeBackground
uxtheme.dll.CloseThemeData
uxtheme.dll.DrawThemeText
uxtheme.dll.GetThemeBackgroundContentRect
uxtheme.dll.GetThemeMargins
uxtheme.dll.IsThemePartDefined
uxtheme.dll.GetThemeBool
uxtheme.dll.GetThemeSysBool
uxtheme.dll.GetThemeColor
uxtheme.dll.GetThemeEnumValue
uxtheme.dll.GetThemeInt
uxtheme.dll.GetThemePosition
uxtheme.dll.GetThemePartSize
uxtheme.dll.SetWindowTheme
uxtheme.dll.IsThemeBackgroundPartiallyTransparent
uxtheme.dll.GetThemeTransitionDuration
awt.dll._Java_sun_awt_windows_ThemeReader_openTheme@12
awt.dll._Java_sun_awt_windows_ThemeReader_getSysBoolean@20
awt.dll._Java_sun_awt_windows_ThemeReader_getInt@28
awt.dll._Java_sun_awt_windows_ThemeReader_getPartSize@24
java.dll._Java_sun_security_provider_NativeSeedGenerator_nativeGenerateSeed@12
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptGenRandom
cryptsp.dll.CryptReleaseContext
net.dll._Java_java_net_NetworkInterface_init@8
net.dll._Java_java_net_NetworkInterface_getAll@8
iphlpapi.dll.GetIfTable
iphlpapi.dll.GetFriendlyIfIndex
iphlpapi.dll.GetIpAddrTable
dhcpcsvc6.dll.Dhcpv6QueryLeaseInfo
iphlpapi.dll.ConvertInterfaceNameToLuidW
dhcpcsvc.dll.DhcpIsEnabled
iphlpapi.dll.GetAdaptersAddresses
net.dll._Java_java_net_NetworkInterface_getMacAddr0@20
nio.dll._Java_sun_nio_fs_WindowsNativeDispatcher_initIDs@8
kernel32.dll.FindFirstStreamW
kernel32.dll.FindNextStreamW
kernel32.dll.CreateSymbolicLinkW
nio.dll._Java_sun_nio_fs_WindowsNativeDispatcher_FindFirstFile0@20
nio.dll._Java_sun_nio_fs_WindowsNativeDispatcher_FindNextFile@24
nio.dll._Java_sun_nio_fs_WindowsNativeDispatcher_FindClose@16
java.dll._Java_java_io_WinNTFileSystem_createFileExclusively@12
java.dll._Java_java_lang_ProcessImpl_getStillActive@8
java.dll._Java_java_lang_ProcessImpl_create@28
awt.dll._Java_sun_awt_windows_WToolkit_shutdown@8
user32.dll.SendMessageW
user32.dll.PeekMessageW
user32.dll.EnumThreadWindows
user32.dll.PostMessageW
user32.dll.CallNextHookEx
user32.dll.PostQuitMessage
ole32.dll.OleUninitialize
oleaut32.dll.#500
user32.dll.GetMessageW
user32.dll.IsWindow
user32.dll.DestroyWindow
user32.dll.UnregisterClassW
user32.dll.UnhookWindowsHookEx
java.dll._Java_java_io_WinNTFileSystem_delete0@12
java.dll._Java_java_io_WinNTFileSystem_createDirectory@12
java.dll._Java_java_io_ObjectStreamClass_hasStaticInitializer@12
java.dll._Java_java_lang_ProcessImpl_closeHandle@16
net.dll._Java_java_net_DualStackPlainSocketImpl_initIDs@8
net.dll._Java_java_net_DualStackPlainSocketImpl_socket0@16
net.dll._Java_java_net_DualStackPlainSocketImpl_connect0@20
net.dll._Java_java_net_DualStackPlainSocketImpl_close0@12
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle

Execute Commands

"C:\Program Files (x86)\Java\jre1.8.0_74\bin\javaw.exe" -jar "C:\Users\Seven01\AppData\Local\Temp\asdqw79240279909387800110COTND.jar"
"C:\Program Files (x86)\Java\jre1.8.0_74\bin\javaw.exe" -jar "C:\Users\Seven01\AppData\Local\Temp\asdqw51587575849316379271UKQ.jar"
"C:\Program Files (x86)\Java\jre1.8.0_74\bin\java.exe" -jar C:\Users\Seven01\.-8669121482867832769.jar
reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v J153e5c1e202:U536576656e3031_s /t REG_SZ /d "\"C:\Program Files (x86)\Java\jre1.8.0_74\bin\javaw.exe\" -jar \"C:\Users\Seven01\.-8669121482867832769.jar\""

Started Services

Nothing to display

Created Services

Nothing to display

1 Host(s) detected

IP Address Hostname Reverse DNS
179.43.156.194 Switzerland

Host(s) by Country

Hosts Country
1 Switzerland


TheSystem Itself @ 2019-04-16 10:36:12