Analysis
max time kernel: 83s
max time network: 98s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 22/02/2024, 15:25

Behavioral task | Sample | Resource
behavioral1 | weka-3-9-6-azul-zulu-windows.exe | win11-20240221-en
behavioral2 | RunWeka.bat | win11-20240221-en
behavioral3 | WekaManual.pdf | win11-20240221-en
behavioral4 | changelogs/CHANGELOG-3-5-0.html | win11-20240221-en
behavioral5 | doc/script-dir/jquery-3.5.1.min.js | win11-20240221-en
behavioral6 | doc/script-dir/jquery-ui.min.js | win11-20240221-en
behavioral7 | doc/script.js | win11-20240221-en
behavioral8 | doc/search.js | win11-20240221-en
behavioral9 | doc/serialized-form.html | win11-20240221-en
behavioral10 | doc/tag-search-index.js | win11-20240221-en
behavioral11 | doc/type-search-index.js | win11-20240221-en
behavioral12 | doc/weka/Run.SchemeType.html | win11-20240221-en
behavioral13 | doc/weka/Run.html | win11-20240221-en
behavioral14 | doc/weka/associations/AbstractAssociator.html | win11-20240221-en
behavioral15 | doc/weka/associations/Apriori.html | win11-20240221-en
behavioral16 | doc/weka/associations/AprioriItemSet.html | win11-20240221-en
behavioral17 | doc/weka/associations/AssociationRule.html | win11-20240221-en
behavioral18 | doc/weka/associations/AssociationRules.html | win11-20240221-en
behavioral19 | doc/weka/associations/AssociationRulesProducer.html | win11-20240221-en
behavioral20 | doc/weka/associations/Associator.html | win11-20240221-en
behavioral21 | doc/weka/associations/AssociatorEvaluation.html | win11-20240221-en
behavioral22 | doc/weka/associations/BinaryItem.html | win11-20240221-en
behavioral23 | doc/weka/associations/CARuleMiner.html | win11-20240221-en
behavioral24 | doc/weka/associations/CheckAssociator.html | win11-20240221-en
behavioral25 | doc/weka/associations/DefaultAssociationRule.METRIC_TYPE.html | win11-20240221-en
behavioral26 | doc/weka/associations/DefaultAssociationRule.html | win11-20240221-en
behavioral27 | doc/weka/associations/FPGrowth.html | win11-20240221-en
behavioral28 | doc/weka/associations/FilteredAssociationRules.html | win11-20240221-en
behavioral29 | doc/weka/associations/FilteredAssociator.html | win11-20240221-en
behavioral30 | doc/weka/associations/Item.html | win11-20240221-en
behavioral31 | doc/weka/associations/ItemSet.html | win11-20240221-en
behavioral32 | doc/weka/associations/LabeledItemSet.html | win11-20240221-en

General
Target: RunWeka.bat
Size: 1KB
MD5: 3bf83e0b05c9f8fcc7e232a2d0b38b39
SHA1: afd59a6008266cbdc2396aab44c5826014fbcc2c
SHA256: 14262f56ade4c745fa7f10a71f3432d1ed5d9ca9ee71b95ef9a0f676666d420c
SHA512: c141d4cc6706390e742b1680e81138085f944307cdef9f2361f02a57c322551c2dce2a7b7171b0e081f6561cdd2783cb032423a82b0e0e50e7399a47da51fdbc

Malware Config
Signatures

Drops file in System32 directory (6 IoCs)
description | ioc | Process
File opened for modification | C:\Windows\SYSTEM32\dll\jvm.pdb | javaw.exe
File opened for modification | C:\Windows\SYSTEM32\symbols\dll\jvm.pdb | javaw.exe
File opened for modification | C:\Windows\SYSTEM32\ntdll.pdb | javaw.exe
File opened for modification | C:\Windows\SYSTEM32\dll\ntdll.pdb | javaw.exe
File opened for modification | C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb | javaw.exe
File opened for modification | C:\Windows\SYSTEM32\jvm.pdb | javaw.exe

Drops file in Windows directory (6 IoCs)
description | ioc | Process
File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\symbols\dll\jvm.pdb | javaw.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\ntdll.pdb | javaw.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\dll\ntdll.pdb | javaw.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\symbols\dll\ntdll.pdb | javaw.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\jvm.pdb | javaw.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\dll\jvm.pdb | javaw.exe

Checks processor information in registry (2 TTPs, 5 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | javaw.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | javaw.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | javaw.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | javaw.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | javaw.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
4580 | javaw.exe
4580 | javaw.exe

Suspicious use of WriteProcessMemory (8 IoCs)
description | pid | Process | procid_target
PID 4904 wrote to memory of 1144 | 4904 | cmd.exe | 80
PID 4904 wrote to memory of 1144 | 4904 | cmd.exe | 80
PID 1144 wrote to memory of 1820 | 1144 | cmd.exe | 81
PID 1144 wrote to memory of 1820 | 1144 | cmd.exe | 81
PID 4904 wrote to memory of 3572 | 4904 | cmd.exe | 82
PID 4904 wrote to memory of 3572 | 4904 | cmd.exe | 82
PID 3572 wrote to memory of 4580 | 3572 | javaw.exe | 83
PID 3572 wrote to memory of 4580 | 3572 | javaw.exe | 83

Processes

Image: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\RunWeka.bat"
Tree depth: 1
- Suspicious use of WriteProcessMemory
PID: 4904

Image: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c where.exe /R . javaw.exe
Tree depth: 2
- Suspicious use of WriteProcessMemory
PID: 1144

Image: C:\Windows\system32\where.exe
Command line: where.exe /R . javaw.exe
Tree depth: 3
PID: 1820

Image: C:\Users\Admin\AppData\Local\Temp\jre\zulu17.32.13-ca-fx-jre17.0.2-win_x64\bin\javaw.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\jre\zulu17.32.13-ca-fx-jre17.0.2-win_x64\bin\javaw.exe" -classpath . RunWeka -c default -jre-path .\jre\* --
Tree depth: 2
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID: 3572

C:\Users\Admin\AppData\Local\Temp\jre\zulu17.32.13-ca-fx-jre17.0.2-win_x64\bin\javaw.exe"jre\zulu17.32.13-ca-fx-jre17.0.2-win_x64\bin\javaw" -Dfile.encoding=Cp1252 --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.annotation=ALL-UNNAMED --add-opens=java.base/java.lang.constant=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-opens=java.base/java.lang.module=ALL-UNNAMED --add-opens=java.base/java.lang.ref=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.lang.runtime=ALL-UNNAMED --add-opens=java.base/java.math=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.net.spi=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/java.nio.channels=ALL-UNNAMED --add-opens=java.base/java.nio.channels.spi=ALL-UNNAMED --add-opens=java.base/java.nio.charset=ALL-UNNAMED --add-opens=java.base/java.nio.charset.spi=ALL-UNNAMED --add-opens=java.base/java.nio.file=ALL-UNNAMED --add-opens=java.base/java.nio.file.attribute=ALL-UNNAMED --add-opens=java.base/java.nio.file.spi=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED --add-opens=java.base/java.security.cert=ALL-UNNAMED --add-opens=java.base/java.security.interfaces=ALL-UNNAMED --add-opens=java.base/java.security.spec=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.base/java.text.spi=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.base/java.time.chrono=ALL-UNNAMED --add-opens=java.base/java.time.format=ALL-UNNAMED --add-opens=java.base/java.time.temporal=ALL-UNNAMED --add-opens=java.base/java.time.zone=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED --add-opens=java.base/java.util.concurrent.locks=ALL-UNNAMED --add-opens=java.base/java.util.function=ALL-UNNAMED 
--add-opens=java.base/java.util.jar=ALL-UNNAMED --add-opens=java.base/java.util.random=ALL-UNNAMED --add-opens=java.base/java.util.regex=ALL-UNNAMED --add-opens=java.base/java.util.spi=ALL-UNNAMED --add-opens=java.base/java.util.stream=ALL-UNNAMED --add-opens=java.base/java.util.zip=ALL-UNNAMED --add-opens=java.base/javax.crypto=ALL-UNNAMED --add-opens=java.base/javax.crypto.interfaces=ALL-UNNAMED --add-opens=java.base/javax.crypto.spec=ALL-UNNAMED --add-opens=java.base/javax.net=ALL-UNNAMED --add-opens=java.base/javax.net.ssl=ALL-UNNAMED --add-opens=java.base/javax.security.auth=ALL-UNNAMED --add-opens=java.base/javax.security.auth.callback=ALL-UNNAMED --add-opens=java.base/javax.security.auth.login=ALL-UNNAMED --add-opens=java.base/javax.security.auth.spi=ALL-UNNAMED --add-opens=java.base/javax.security.auth.x500=ALL-UNNAMED --add-opens=java.base/javax.security.cert=ALL-UNNAMED --add-opens=java.compiler/javax.annotation.processing=ALL-UNNAMED --add-opens=java.compiler/javax.lang.model=ALL-UNNAMED --add-opens=java.compiler/javax.lang.model.element=ALL-UNNAMED --add-opens=java.compiler/javax.lang.model.type=ALL-UNNAMED --add-opens=java.compiler/javax.lang.model.util=ALL-UNNAMED --add-opens=java.compiler/javax.tools=ALL-UNNAMED --add-opens=java.datatransfer/java.awt.datatransfer=ALL-UNNAMED --add-opens=java.desktop/java.applet=ALL-UNNAMED --add-opens=java.desktop/java.awt=ALL-UNNAMED --add-opens=java.desktop/java.awt.color=ALL-UNNAMED --add-opens=java.desktop/java.awt.desktop=ALL-UNNAMED --add-opens=java.desktop/java.awt.dnd=ALL-UNNAMED --add-opens=java.desktop/java.awt.event=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED --add-opens=java.desktop/java.awt.geom=ALL-UNNAMED --add-opens=java.desktop/java.awt.im=ALL-UNNAMED --add-opens=java.desktop/java.awt.im.spi=ALL-UNNAMED --add-opens=java.desktop/java.awt.image=ALL-UNNAMED --add-opens=java.desktop/java.awt.image.renderable=ALL-UNNAMED --add-opens=java.desktop/java.awt.print=ALL-UNNAMED 
--add-opens=java.desktop/java.beans=ALL-UNNAMED --add-opens=java.desktop/java.beans.beancontext=ALL-UNNAMED --add-opens=java.desktop/javax.accessibility=ALL-UNNAMED --add-opens=java.desktop/javax.imageio=ALL-UNNAMED --add-opens=java.desktop/javax.imageio.event=ALL-UNNAMED --add-opens=java.desktop/javax.imageio.metadata=ALL-UNNAMED --add-opens=java.desktop/javax.imageio.plugins.bmp=ALL-UNNAMED --add-opens=java.desktop/javax.imageio.plugins.jpeg=ALL-UNNAMED --add-opens=java.desktop/javax.imageio.plugins.tiff=ALL-UNNAMED --add-opens=java.desktop/javax.imageio.spi=ALL-UNNAMED --add-opens=java.desktop/javax.imageio.stream=ALL-UNNAMED --add-opens=java.desktop/javax.print=ALL-UNNAMED --add-opens=java.desktop/javax.print.attribute=ALL-UNNAMED --add-opens=java.desktop/javax.print.attribute.standard=ALL-UNNAMED --add-opens=java.desktop/javax.print.event=ALL-UNNAMED --add-opens=java.desktop/javax.sound.midi=ALL-UNNAMED --add-opens=java.desktop/javax.sound.midi.spi=ALL-UNNAMED --add-opens=java.desktop/javax.sound.sampled=ALL-UNNAMED --add-opens=java.desktop/javax.sound.sampled.spi=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/javax.swing.border=ALL-UNNAMED --add-opens=java.desktop/javax.swing.colorchooser=ALL-UNNAMED --add-opens=java.desktop/javax.swing.event=ALL-UNNAMED --add-opens=java.desktop/javax.swing.filechooser=ALL-UNNAMED --add-opens=java.desktop/javax.swing.plaf=ALL-UNNAMED --add-opens=java.desktop/javax.swing.plaf.basic=ALL-UNNAMED --add-opens=java.desktop/javax.swing.plaf.metal=ALL-UNNAMED --add-opens=java.desktop/javax.swing.plaf.multi=ALL-UNNAMED --add-opens=java.desktop/javax.swing.plaf.nimbus=ALL-UNNAMED --add-opens=java.desktop/javax.swing.plaf.synth=ALL-UNNAMED --add-opens=java.desktop/javax.swing.table=ALL-UNNAMED --add-opens=java.desktop/javax.swing.text=ALL-UNNAMED --add-opens=java.desktop/javax.swing.text.html=ALL-UNNAMED --add-opens=java.desktop/javax.swing.text.html.parser=ALL-UNNAMED 
--add-opens=java.desktop/javax.swing.text.rtf=ALL-UNNAMED --add-opens=java.desktop/javax.swing.tree=ALL-UNNAMED --add-opens=java.desktop/javax.swing.undo=ALL-UNNAMED --add-opens=java.instrument/java.lang.instrument=ALL-UNNAMED --add-opens=java.logging/java.util.logging=ALL-UNNAMED --add-opens=java.management/java.lang.management=ALL-UNNAMED --add-opens=java.management/javax.management=ALL-UNNAMED --add-opens=java.management/javax.management.loading=ALL-UNNAMED --add-opens=java.management/javax.management.modelmbean=ALL-UNNAMED --add-opens=java.management/javax.management.monitor=ALL-UNNAMED --add-opens=java.management/javax.management.openmbean=ALL-UNNAMED --add-opens=java.management/javax.management.relation=ALL-UNNAMED --add-opens=java.management/javax.management.remote=ALL-UNNAMED --add-opens=java.management/javax.management.timer=ALL-UNNAMED --add-opens=java.management.rmi/javax.management.remote.rmi=ALL-UNNAMED --add-opens=java.naming/javax.naming=ALL-UNNAMED --add-opens=java.naming/javax.naming.directory=ALL-UNNAMED --add-opens=java.naming/javax.naming.event=ALL-UNNAMED --add-opens=java.naming/javax.naming.ldap=ALL-UNNAMED --add-opens=java.naming/javax.naming.ldap.spi=ALL-UNNAMED --add-opens=java.naming/javax.naming.spi=ALL-UNNAMED --add-opens=java.net.http/java.net.http=ALL-UNNAMED --add-opens=java.prefs/java.util.prefs=ALL-UNNAMED --add-opens=java.rmi/java.rmi=ALL-UNNAMED --add-opens=java.rmi/java.rmi.dgc=ALL-UNNAMED --add-opens=java.rmi/java.rmi.registry=ALL-UNNAMED --add-opens=java.rmi/java.rmi.server=ALL-UNNAMED --add-opens=java.rmi/javax.rmi.ssl=ALL-UNNAMED --add-opens=java.scripting/javax.script=ALL-UNNAMED --add-opens=java.security.jgss/javax.security.auth.kerberos=ALL-UNNAMED --add-opens=java.security.jgss/org.ietf.jgss=ALL-UNNAMED --add-opens=java.security.sasl/javax.security.sasl=ALL-UNNAMED --add-opens=java.smartcardio/javax.smartcardio=ALL-UNNAMED --add-opens=java.sql/java.sql=ALL-UNNAMED --add-opens=java.sql/javax.sql=ALL-UNNAMED 
--add-opens=java.sql.rowset/javax.sql.rowset=ALL-UNNAMED --add-opens=java.sql.rowset/javax.sql.rowset.serial=ALL-UNNAMED --add-opens=java.sql.rowset/javax.sql.rowset.spi=ALL-UNNAMED --add-opens=java.transaction.xa/javax.transaction.xa=ALL-UNNAMED --add-opens=java.xml/javax.xml=ALL-UNNAMED --add-opens=java.xml/javax.xml.catalog=ALL-UNNAMED --add-opens=java.xml/javax.xml.datatype=ALL-UNNAMED --add-opens=java.xml/javax.xml.namespace=ALL-UNNAMED --add-opens=java.xml/javax.xml.parsers=ALL-UNNAMED --add-opens=java.xml/javax.xml.stream=ALL-UNNAMED --add-opens=java.xml/javax.xml.stream.events=ALL-UNNAMED --add-opens=java.xml/javax.xml.stream.util=ALL-UNNAMED --add-opens=java.xml/javax.xml.transform=ALL-UNNAMED --add-opens=java.xml/javax.xml.transform.dom=ALL-UNNAMED --add-opens=java.xml/javax.xml.transform.sax=ALL-UNNAMED --add-opens=java.xml/javax.xml.transform.stax=ALL-UNNAMED --add-opens=java.xml/javax.xml.transform.stream=ALL-UNNAMED --add-opens=java.xml/javax.xml.validation=ALL-UNNAMED --add-opens=java.xml/javax.xml.xpath=ALL-UNNAMED --add-opens=java.xml/org.w3c.dom=ALL-UNNAMED --add-opens=java.xml/org.w3c.dom.bootstrap=ALL-UNNAMED --add-opens=java.xml/org.w3c.dom.events=ALL-UNNAMED --add-opens=java.xml/org.w3c.dom.ls=ALL-UNNAMED --add-opens=java.xml/org.w3c.dom.ranges=ALL-UNNAMED --add-opens=java.xml/org.w3c.dom.traversal=ALL-UNNAMED --add-opens=java.xml/org.w3c.dom.views=ALL-UNNAMED --add-opens=java.xml/org.xml.sax=ALL-UNNAMED --add-opens=java.xml/org.xml.sax.ext=ALL-UNNAMED --add-opens=java.xml/org.xml.sax.helpers=ALL-UNNAMED --add-opens=java.xml.crypto/javax.xml.crypto=ALL-UNNAMED --add-opens=java.xml.crypto/javax.xml.crypto.dom=ALL-UNNAMED --add-opens=java.xml.crypto/javax.xml.crypto.dsig=ALL-UNNAMED --add-opens=java.xml.crypto/javax.xml.crypto.dsig.dom=ALL-UNNAMED --add-opens=java.xml.crypto/javax.xml.crypto.dsig.keyinfo=ALL-UNNAMED --add-opens=java.xml.crypto/javax.xml.crypto.dsig.spec=ALL-UNNAMED --add-opens=javafx.base/javafx.beans=ALL-UNNAMED 
--add-opens=javafx.base/javafx.beans.binding=ALL-UNNAMED --add-opens=javafx.base/javafx.beans.property=ALL-UNNAMED --add-opens=javafx.base/javafx.beans.property.adapter=ALL-UNNAMED --add-opens=javafx.base/javafx.beans.value=ALL-UNNAMED --add-opens=javafx.base/javafx.collections=ALL-UNNAMED --add-opens=javafx.base/javafx.collections.transformation=ALL-UNNAMED --add-opens=javafx.base/javafx.event=ALL-UNNAMED --add-opens=javafx.base/javafx.util=ALL-UNNAMED --add-opens=javafx.base/javafx.util.converter=ALL-UNNAMED --add-opens=javafx.controls/javafx.scene.chart=ALL-UNNAMED --add-opens=javafx.controls/javafx.scene.control=ALL-UNNAMED --add-opens=javafx.controls/javafx.scene.control.cell=ALL-UNNAMED --add-opens=javafx.controls/javafx.scene.control.skin=ALL-UNNAMED --add-opens=javafx.fxml/javafx.fxml=ALL-UNNAMED --add-opens=javafx.graphics/javafx.animation=ALL-UNNAMED --add-opens=javafx.graphics/javafx.application=ALL-UNNAMED --add-opens=javafx.graphics/javafx.concurrent=ALL-UNNAMED --add-opens=javafx.graphics/javafx.css=ALL-UNNAMED --add-opens=javafx.graphics/javafx.css.converter=ALL-UNNAMED --add-opens=javafx.graphics/javafx.geometry=ALL-UNNAMED --add-opens=javafx.graphics/javafx.print=ALL-UNNAMED --add-opens=javafx.graphics/javafx.scene=ALL-UNNAMED --add-opens=javafx.graphics/javafx.scene.canvas=ALL-UNNAMED --add-opens=javafx.graphics/javafx.scene.effect=ALL-UNNAMED --add-opens=javafx.graphics/javafx.scene.image=ALL-UNNAMED --add-opens=javafx.graphics/javafx.scene.input=ALL-UNNAMED --add-opens=javafx.graphics/javafx.scene.layout=ALL-UNNAMED --add-opens=javafx.graphics/javafx.scene.paint=ALL-UNNAMED --add-opens=javafx.graphics/javafx.scene.robot=ALL-UNNAMED --add-opens=javafx.graphics/javafx.scene.shape=ALL-UNNAMED --add-opens=javafx.graphics/javafx.scene.text=ALL-UNNAMED --add-opens=javafx.graphics/javafx.scene.transform=ALL-UNNAMED --add-opens=javafx.graphics/javafx.stage=ALL-UNNAMED --add-opens=javafx.media/javafx.scene.media=ALL-UNNAMED 
--add-opens=javafx.swing/javafx.embed.swing=ALL-UNNAMED --add-opens=javafx.web/javafx.scene.web=ALL-UNNAMED --add-opens=java.base/sun.net.www.protocol.jar=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.desktop/sun.awt=ALL-UNNAMED --add-opens=java.desktop/sun.java2d=ALL-UNNAMED --add-opens=javafx.graphics/com.sun.javafx.tk=ALL-UNNAMED --add-opens=javafx.graphics/com.sun.javafx.tk.quantum=ALL-UNNAMED --add-opens=javafx.graphics/com.sun.glass.ui=ALL-UNNAMED -Xss20m -Djava.net.useSystemProxies=true -classpath "weka.jar;" weka.gui.GUIChooser3⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:4580