Engine | Download Report | Detection | Info |
---|---|---|---|
| | malicious (Score: 80) | System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
| | malicious (Score: 80) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01. Run Condition: Potential for more IOCs and behavior |
Name | Detection |
---|---|
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\a0v2H8.jar | Zip archive data, at least v2.0 to extract | # | |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c05.timestamp | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\37821B9D.emf | Windows Enhanced Metafile (EMF) image data version 0x10000 | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5AF0F4FA.png | PNG image data, 706 x 366, 8-bit/color RGBA, non-interlaced | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8C420CB3.PNG | PNG image data, 1037 x 72, 8-bit/color RGBA, non-interlaced | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp | Composite Document File V2 Document, Cannot read section info | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4FFCC0C1-FAE9-48A2-A197-5DE81C053074}.tmp | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D9320A51-5E17-41AC-AA14-257027C1CCDA}.tmp | data | # | |
C:\Users\user\AppData\Local\Temp\a0v2H8.jar:Zone.Identifier | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\12-09-2022 S#U0130PAR#U0130#U015e.docx.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:52 2022, mtime=Tue Mar 8 15:45:52 2022, atime=Mon Sep 12 19:45:10 2022, length=258604, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | data | # | |
C:\Users\user\Desktop\~$-09-2022 S#U0130PAR#U0130#U015e.docx.doc | data | # | |