Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar

Overview

General Information

Sample Name:CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar
Analysis ID:679298
MD5:8535942f58ba61ce5ce0755d7570f22f
SHA1:fb6c95fa16c2e91f22ac4e8d73233962e645c6bd
SHA256:308dcf6540932d062dd10a24fefd25d6660afe60dea76c9fa5612ae0f4cb4cda
Tags:jar
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Exploit detected, runtime environment starts unknown processes
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Classification

Process Tree

  • System is w10x64
  • cmd.exe (PID: 5652 cmdline: C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
    • 7za.exe (PID: 3400 cmdline: 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
  • cmd.exe (PID: 6136 cmdline: "C:\Windows\System32\cmd.exe" /c java.exe -jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar" i >> C:\cmdlinestart.log 2>&1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
    • conhost.exe (PID: 3920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • java.exe (PID: 4996 cmdline: java.exe -jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar" i MD5: 28733BA8C383E865338638DF5196E6FE)
      • icacls.exe (PID: 4544 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501)
        • conhost.exe (PID: 5772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 3272 cmdline: wmic CPU get ProcessorId MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
        • conhost.exe (PID: 3280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 2468 cmdline: wmic bios get serialnumber MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
        • conhost.exe (PID: 5312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 5496 cmdline: wmic csproduct get name MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
        • conhost.exe (PID: 1792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 1380 cmdline: wmic csproduct get UUID MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
        • conhost.exe (PID: 3996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 5072 cmdline: cmd.exe /c ver MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 4252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jarVirustotal: Detection: 11%Perma Link
Source: CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jarReversingLabs: Detection: 12%
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Software Vulnerabilities

barindex
Exploit detected, runtime environment starts unknown processes
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/3
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/allow-java-encodings
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error=
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/create-cdata-nodes
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/create-cdata-nodesw
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/disallow-doctype-decl
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/disallow-doctype-decl:
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/disallow-doctype-declc?m
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodes
Source: java.exe, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansion
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansion9
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansionS
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace/
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations9
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations#
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations;
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/include-comments
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/include-comments0
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/internal/parser-settings
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicates
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only/
Source: java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/namespace-growth
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd:
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtdStm
Source: java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs3
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refsctm
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/standard-uri-conformant
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/standard-uri-conformant2
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/standard-uri-conformantc
Source: java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validate-annotations
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validate-annotations#rm
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees
Source: java.exe, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.370705608.00000000158A1000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-treesag1
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/dynamic
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.370705608.00000000158A1000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/dynamicg/apach
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking3
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking=
Source: java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/element-default
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/element-defaultA
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
Source: java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydefS
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude1
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/current-element-node
Source: java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/document-class-name
Source: java.exe, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/document-class-name$
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/document-class-nameC
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/input-buffer-size
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/input-buffer-size3
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory:
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factoryC
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/document-scannerCtm
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor5
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-processorS
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner8
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-scannerS
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-manager8
Source: java.exe, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-resolverc
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-handler
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-handler6
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-reporter:
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool6
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-binderSvm
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-contextl
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolverS
Source: java.exe, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-table3
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-tableQ
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation-managerF
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory7
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd:
Source: java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/schema
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/schema3
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/scheman
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handlerC
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/locale
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation?
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocationS
Source: java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/security-manager
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/security-manager#
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/security-managerSym
Source: java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypesva/lan
Source: java.exe, 00000007.00000002.403347809.000000000A760000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugreport.sun.com/bugreport/
Source: java.exe, 00000007.00000003.379134501.0000000015E45000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402244664.0000000005595000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.403032147.000000000570B000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402189718.0000000005577000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipinfo.io/
Source: java.exe, java.exe, 00000007.00000003.379134501.0000000015E45000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402244664.0000000005595000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.403032147.000000000570B000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402189718.0000000005577000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipinfo.io/ip
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipinfo.io/ipss
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipinfo.io/ss
Source: java.exe, 00000007.00000002.403396392.000000000A767000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.oracle.com/
Source: java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.400589760.0000000005210000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402980245.00000000056EB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402090808.0000000005546000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/dtd/properties.dtd
Source: java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.400589760.0000000005210000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-check
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/n(
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSourcehc
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/
Source: java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace3
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespacez
Source: java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/dom/DOA
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
Source: java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-stateType;Z)
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing3
Source: java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
Source: java.exe, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD;
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema#
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/m3
Source: java.exe, 00000007.00000002.403032147.000000000570B000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402334430.00000000055B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
Source: java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimitI
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
Source: java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit9
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimitC
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/g/w3c/
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepthCheckinC
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimitlStan7
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimittE
Source: java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimitGen9
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimitS
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimitDecl
Source: java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimitc
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimits
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
Source: java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD=
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTDsym
Source: java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/even
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-parameter-entitiesCum
Source: java.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes(
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes3
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces&
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/use-entity-resolver2
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/use-entity-resolver2Cwm
Source: java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/validation
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/validationC
Source: java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/
Source: java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/(
Source: java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/xml-string
Source: CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jarVirustotal: Detection: 11%
Source: CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jarReversingLabs: Detection: 12%
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeFile created: C:\Users\user\AppData\Local\Temp\hsperfdata_userJump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeSection loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dll
Source: C:\Windows\System32\7za.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: java.exeString found in binary or memory: sun/misc/Launcher$BootClassPathHolder$1
Source: java.exeString found in binary or memory: yhttp://apache.org/xml/features/nonvalidating/load-external-dtd
Source: java.exeString found in binary or memory: -addReference
Source: java.exeString found in binary or memory: }nonvalidating/load-external-dtd
Source: classification engineClassification label: mal56.expl.evad.winJAR@25/12@0/0
Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar"
Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c java.exe -jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar" i >> C:\cmdlinestart.log 2>&1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe java.exe -jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar" i
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic CPU get ProcessorId
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic bios get serialnumber
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get name
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get UUID
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ver
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe java.exe -jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar" i
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic CPU get ProcessorId
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic bios get serialnumber
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get name
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get UUID
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ver
Source: C:\Windows\SysWOW64\wbem\WMIC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1792:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4252:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5772:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3996:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3280:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3920:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5312:120:WilError_01
Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM WIN32_PROCESSOR
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157E605F push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157EC1DF pushad ; ret
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157E6154 push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157E624F push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157E6330 push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157E622C push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157E601C push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157E605F push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157EC1DF pushad ; ret
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157E6154 push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157E624F push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157E6330 push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157E622C push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeCode function: 7_3_157E601C push eax; retf
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BIOS
Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM WIN32_PROCESSOR
Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: java.exe, 00000007.00000003.365423035.000000001566B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000007.00000003.365423035.000000001566B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000007.00000002.400088793.0000000003030000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ,java/lang/VirtualMachineError
Source: java.exe, 00000007.00000002.400088793.0000000003030000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: |[Ljava/lang/VirtualMachineError;
Source: java.exe, 00000007.00000003.365423035.000000001566B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: java.exe, 00000007.00000003.365423035.000000001566B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: java/lang/VirtualMachineError.classPK
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeMemory protected: page read and write | page guard
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe java.exe -jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar" i
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic CPU get ProcessorId
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic bios get serialnumber
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get name
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get UUID
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ver

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts121
Windows Management Instrumentation		1
Services File Permissions Weakness		1
Services File Permissions Weakness		1
Services File Permissions Weakness		OS Credential Dumping21
Security Software Discovery		Remote ServicesData from Local SystemExfiltration Over Other Network MediumData ObfuscationEavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default Accounts2
Command and Scripting Interpreter		Boot or Logon Initialization Scripts11
Process Injection		2
Virtualization/Sandbox Evasion		LSASS Memory2
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain Accounts1
Exploitation for Client Execution		Logon Script (Windows)Logon Script (Windows)1
Disable or Modify Tools		Security Account Manager112
System Information Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)11
Process Injection		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 679298 Sample: CMTNGTFESJRKMAMSPWITGCAGOVG... Startdate: 05/08/2022 Architecture: WINDOWS Score: 56 39 Multi AV Scanner detection for submitted file 2->39 41 Exploit detected, runtime environment starts unknown processes 2->41 8 cmd.exe 2 2->8         started        10 cmd.exe 1 2->10         started        process3 process4 12 java.exe 5 8->12         started        14 conhost.exe 8->14         started        16 7za.exe 16 10->16         started        process5 18 WMIC.exe 1 12->18         started        21 WMIC.exe 1 12->21         started        23 WMIC.exe 1 12->23         started        25 3 other processes 12->25 signatures6 43 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 18->43 27 conhost.exe 18->27         started        29 conhost.exe 21->29         started        31 conhost.exe 23->31         started        33 conhost.exe 25->33         started        35 conhost.exe 25->35         started        37 conhost.exe 25->37         started        process7

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar11%VirustotalBrowse
CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar12%ReversingLabsByteCode-JAVA.Downloader.BanLoad

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://java.sun.com/xml/schema/features/0%URL Reputationsafe
http://java.sun.com/xml/stream/properties/dom/DOA0%Avira URL Cloudsafe
http://java.sun.com/xml/dom/properties/0%URL Reputationsafe
http://javax.xml.XMLConstants/feature/secure-processing0%URL Reputationsafe
http://javax.xml.XMLConstants/property/accessExternalSchema0%URL Reputationsafe
http://java.sun.com/xml/stream/properties/report-cdata-event0%URL Reputationsafe
http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace30%Avira URL Cloudsafe
http://java.sun.com/xml/stream/properties/ignore-external-dtd0%URL Reputationsafe
http://bugreport.sun.com/bugreport/0%URL Reputationsafe
http://java.sun.com/dtd/properties.dtd0%URL Reputationsafe
http://javax.xml.XMLConstants/property/accessExternalSchema#0%Avira URL Cloudsafe
http://javax.xml.XMLConstants/property/accessExternalDTD;0%URL Reputationsafe
http://java.sun.com/xml/dom/properties/ancestor-check0%URL Reputationsafe
http://java.sun.com/xml/stream/properties/0%URL Reputationsafe
http://java.sun.com/xml/stream/properties/reader-in-defined-stateType;Z)0%Avira URL Cloudsafe
http://javax.xml.XMLConstants/property/0%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://apache.org/xml/properties/internal/namespace-contextljava.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
    		high
    http://apache.org/xml/features/dom/create-entity-ref-nodesjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
      		high
      http://apache.org/xml/features/validation/dynamicjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
        		high
        http://apache.org/xml/features/validation/schema/augment-psvijava.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          http://java.sun.com/xml/schema/features/java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://apache.org/xml/properties/internal/validator/dtdjava.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://apache.org/xml/properties/input-buffer-sizejava.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://apache.org/xml/properties/internal/datatype-validator-factoryjava.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://apache.org/xml/properties/internal/validator/schemajava.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://xml.org/sax/features/external-parameter-entitiesCumjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://apache.org/xml/features/validate-annotationsjava.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://apache.org/xml/properties/internal/document-scannerCtmjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://apache.org/xml/features/disallow-doctype-declc?mjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://apache.org/xml/features/nonvalidating/load-external-dtdStmjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://apache.org/xml/properties/security-managerSymjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://apache.org/xml/features/standard-uri-conformant2java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://xml.org/sax/features/namespace-prefixesjava.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://apache.org/xml/properties/internal/entity-managerjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://apache.org/xml/properties/internal/dtd-processorjava.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://apache.org/xml/features/namespace-growthjava.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://apache.org/xml/properties/dom/document-class-name$java.exe, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://apache.org/xml/properties/internal/symbol-tableQjava.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://xml.org/sax/features/allow-dtd-events-after-endDTDsymjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://apache.org/xml/features/internal/parser-settingsjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://apache.org/xml/features/dom/include-ignorable-whitespacejava.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://java.sun.com/xml/stream/properties/dom/DOAjava.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://xml.org/sax/features/allow-dtd-events-after-endDTD=java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://apache.org/xml/features/create-cdata-nodesjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://java.sun.com/xml/dom/properties/java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://apache.org/xml/properties/internal/stax-entity-resolverjava.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://xml.org/sax/features/namespace-prefixes3java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://apache.org/xml/features/scanner/notify-char-refs3java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://apache.org/xml/features/3java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://javax.xml.XMLConstants/feature/secure-processingjava.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://apache.org/xml/features/xinclude/fixup-base-urisjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://apache.org/xml/properties/internal/grammar-pool6java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocationjava.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://apache.org/xml/properties/internal/error-reporterjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://apache.org/xml/properties/internal/namespace-contextjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://apache.org/xml/features/warn-on-duplicate-entitydefjava.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://ipinfo.io/ssjava.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://ipinfo.io/java.exe, 00000007.00000003.379134501.0000000015E45000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402244664.0000000005595000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.403032147.000000000570B000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402189718.0000000005577000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://javax.xml.XMLConstants/property/accessExternalSchemajava.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://xml.org/sax/properties/(java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://apache.org/xml/features/include-commentsjava.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://apache.org/xml/features/scanner/notify-char-refsjava.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://apache.org/xml/properties/internal/symbol-table3java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://apache.org/xml/properties/schema/external-schemaLocationSjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://apache.org/xml/properties/dom/document-class-nameCjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://apache.org/xml/xmlschema/1.0/anonymousTypesva/lanjava.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://java.sun.com/xml/stream/properties/report-cdata-eventjava.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace3java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            http://apache.org/xml/features/nonvalidating/load-external-dtd:java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://java.sun.com/xml/stream/properties/ignore-external-dtdjava.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              http://apache.org/xml/features/scanner/notify-char-refsctmjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://apache.org/xml/features/continue-after-fatal-errorjava.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://apache.org/xml/features/create-cdata-nodeswjava.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://apache.org/xml/features/standard-uri-conformantjava.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://apache.org/xml/properties/internal/document-scannerjava.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://apache.org/xml/properties/internal/validation/schema/dv-factory7java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://xml.org/sax/features/use-entity-resolver2java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://bugreport.sun.com/bugreport/java.exe, 00000007.00000002.403347809.000000000A760000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://apache.org/xml/properties/internal/entity-resolverjava.exe, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://java.oracle.com/java.exe, 00000007.00000002.403396392.000000000A767000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://apache.org/xml/properties/internal/namespace-binderSvmjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://apache.org/xml/features/java.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://apache.org/xml/features/generate-synthetic-annotationsjava.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://xml.org/sax/features/evenjava.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://java.sun.com/dtd/properties.dtdjava.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.400589760.0000000005210000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402980245.00000000056EB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402090808.0000000005546000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        http://xml.org/sax/features/allow-dtd-events-after-endDTDjava.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://apache.org/xml/features/validation/balance-syntax-treesjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://javax.xml.XMLConstants/property/accessExternalSchema#java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation?java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://apache.org/xml/features/include-comments0java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-onlyjava.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://apache.org/xml/features/standard-uri-conformantcjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://apache.org/xml/properties/internal/namespace-binderjava.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://javax.xml.XMLConstants/property/accessExternalDTD;java.exe, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      		unknown
                                                                                                                                      http://xml.org/sax/features/validationjava.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://xml.org/sax/features/validationCjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://apache.org/xml/properties/internal/stax-entity-resolverSjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://apache.org/xml/properties/internal/xinclude-handlerjava.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://apache.org/xml/properties/security-managerjava.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://java.sun.com/xml/dom/properties/ancestor-checkjava.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.400589760.0000000005210000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                		unknown
                                                                                                                                                http://ipinfo.io/ipssjava.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://java.sun.com/xml/stream/properties/java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  		unknown
                                                                                                                                                  http://apache.org/xml/features/validation/schemajava.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://apache.org/xml/properties/internal/dtd-scannerjava.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://apache.org/xml/properties/internal/xinclude-handlerCjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://apache.org/xml/properties/schema/external-schemaLocationjava.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://xml.org/sax/features/java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://apache.org/xml/properties/internal/error-handlerjava.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://apache.org/xml/properties/security-manager#java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://xml.org/sax/features/namespaces&java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://apache.org/xml/features/xincludejava.exe, java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407666815.0000000015887000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379034574.000000001582E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://java.sun.com/xml/stream/properties/reader-in-defined-stateType;Z)java.exe, 00000007.00000003.379172780.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.407385906.00000000157CD000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.379104781.00000000157C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    		unknown
                                                                                                                                                                    http://apache.org/xml/properties/internal/validator/schema3java.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://apache.org/xml/features/validation/schema/element-defaultjava.exe, 00000007.00000002.402573664.0000000005635000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://apache.org/xml/features/validation/schema-full-checkingjava.exe, java.exe, 00000007.00000002.407452137.0000000015805000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378537747.00000000157E6000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000002.402937925.00000000056D0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378883229.000000001580E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000007.00000003.378738079.00000000157FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://javax.xml.XMLConstants/property/java.exe, 00000007.00000002.400624014.0000000005224000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          		unknown

                                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                                          No contacted IP infos

                                                                                                                                                                          General Information

                                                                                                                                                                          Joe Sandbox Version:35.0.0 Citrine
                                                                                                                                                                          Analysis ID:679298
                                                                                                                                                                          Start date and time: 05/08/202215:04:482022-08-05 15:04:48 +02:00
                                                                                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                                                                                          Overall analysis duration:0h 7m 12s
                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                          Report type:light
                                                                                                                                                                          Sample file name:CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar
                                                                                                                                                                          Cookbook file name:defaultwindowsfilecookbook.jbs
                                                                                                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                                          Run name:Without Tracing
                                                                                                                                                                          Number of analysed new started processes analysed:35
                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                          Technologies:
                                                                                                                                                                          • HCA enabled
                                                                                                                                                                          • EGA enabled
                                                                                                                                                                          • HDC enabled
                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                          Detection:MAL
                                                                                                                                                                          Classification:mal56.expl.evad.winJAR@25/12@0/0
                                                                                                                                                                          EGA Information:Failed
                                                                                                                                                                          HDC Information:Failed
                                                                                                                                                                          HCA Information:
                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                          • Number of executed functions: 0
                                                                                                                                                                          • Number of non-executed functions: 0
                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                          • Found application associated with file extension: .jar
                                                                                                                                                                          • Adjust boot time
                                                                                                                                                                          • Enable AMSI

                                                                                                                                                                          Warnings

                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 23.211.6.115
                                                                                                                                                                          • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net
                                                                                                                                                                          • Execution Graph export aborted for target java.exe, PID 4996 because there are no executed function
                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                                          Simulations

                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                          TimeTypeDescription
                                                                                                                                                                          15:06:02API Interceptor4x Sleep call for process: WMIC.exe modified

                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                          IPs

                                                                                                                                                                          No context

                                                                                                                                                                          Domains

                                                                                                                                                                          No context

                                                                                                                                                                          ASNs

                                                                                                                                                                          No context

                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                          No context

                                                                                                                                                                          Dropped Files

                                                                                                                                                                          No context

                                                                                                                                                                          Created / dropped Files

                                                                                                                                                                          C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):57
                                                                                                                                                                          Entropy (8bit):4.874483163584202
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:oFj4I5vpN6yUc7dcf:oJ5X6yNcf
                                                                                                                                                                          MD5:7FAAE6F0FAA539C55E861B27CD522679
                                                                                                                                                                          SHA1:C0ACC7C2BFC89FDE734F403494579B698AEC4648
                                                                                                                                                                          SHA-256:4AB5AB8E943764CA4FF029388E96D50EBFBD3EBA95625DD338F667DEC06079B1
                                                                                                                                                                          SHA-512:C3801275E926EF29A8E591233A5905F1175864B8C2988258ABF290CDEBE3B0D87BB721588736F85CC48722C0452EB786A1820747F4C455BD509CE48414A8AAD3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:C:\Program Files (x86)\Java\jre1.8.0_211..1659737158989..

                                                                                                                                                                          C:\cmdlinestart.log

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):370
                                                                                                                                                                          Entropy (8bit):4.627200901267542
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:usqcdU35osKJuq9HMgaoS+wYFoAxOq+JkhSc9o0+JkhSc9o0+JkhSc9o0+JkhSc/:FqCs2WUS+OeEcK0EcK0EcK0Ecn/
                                                                                                                                                                          MD5:E0E84C0C67CB0EAAF7B5F9294BBD91FC
                                                                                                                                                                          SHA1:1878D68279D055CDCCFADB05B300F193C10C8E4D
                                                                                                                                                                          SHA-256:BC4396DEEF30766744CBB0736479162BCAB4373BD373CC2D5A197024B07EA213
                                                                                                                                                                          SHA-512:A9FF30729DC4BC3FAFF985E37E7EEE9E6E9D2A961E5B480D8F75B4CBDFBEB70415F75733273F46DF4DDA1500E6A6BE647B2B6FCEA0733A1479D5B046CFFB7639
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:gdcqsztapnkzjdjszyfedn..ndqhrhihkyda..ggtaqtvnojcl..rtvmnoqynpozofzv..lqtdxatpkhyiiybxadnbiydp..lezysliawayatspfmbykqx..dbsukdzwatnaakzonbogwdqz..uaoglripgbfbxjrz..vthvetwlbzyguyxcjv..tascwymocbvyvyyegt..vthvetwlbzyguyxcjv..tascwymocbvyvyyegt..vthvetwlbzyguyxcjv..tascwymocbvyvyyegt..vthvetwlbzyguyxcjv..tascwymocbvyvyyegt..aembvltotxqndb....uezhuecqzzfg..uezhuecqzzfg..

                                                                                                                                                                          C:\jar\196442737

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\7za.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):134
                                                                                                                                                                          Entropy (8bit):5.1361360683634425
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:Lw6v/Vc8RvLPpHyUTZrPhITEYcqXLTSBTIaRLhQhqHUMcn:Lwo/Vc8R1HxTZrTUToRLhQhxV
                                                                                                                                                                          MD5:D26D05DCCB1560B69688578CF893C0D6
                                                                                                                                                                          SHA1:9FA3986F43FD10CFB7B5D2BF4B0560153F078319
                                                                                                                                                                          SHA-256:7BEA613EF3C23B57F8AD6A6A0F7D096A0BA998E9116C28A64420D56CEBB45EB2
                                                                                                                                                                          SHA-512:9F7558A55138A5DFFA2DFC811B744BA2DFC9CCEC9EAA141140EA912A0BB3109EDB952884AAB463C0AD2DB5C28423E2615983E382A2192F7EF8645873803FDA90
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:sbK8ufOOqbyvqdfl7err5OzXsuiYirmxnJnsmO7oheWoj66q74vppKeqr+m6jYyYj5+JkLvuvIu0..tOi26b6wuKmxuby1mYjv6Jufr766lOvkmbm17q60ku2H7qiNu7aXiYXX

                                                                                                                                                                          C:\jar\807691

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\7za.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):94439
                                                                                                                                                                          Entropy (8bit):7.997910777292354
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:1536:0tX5KwrxfyEPt8+8/toVZhULz51VAQEmBuyvCh2xHjRbaMnZI4RMpTp:yJpVyw1KtoVZWzDeQT5vChubn24RmTp
                                                                                                                                                                          MD5:5ADCEDF99D0944FCC1223E0B9C8318E1
                                                                                                                                                                          SHA1:9DBA17A031E1C368AEE297FF06040F86397C7488
                                                                                                                                                                          SHA-256:162EFC6E3884D39A0EF9374A1918D9E97861966A66B3F90E0297BDBEEC6888B2
                                                                                                                                                                          SHA-512:82F013AFFB886C920305CB3851F4F6757D5CBE88A2A6FEA7B21FD73F51C2E0FFF47CC79998AB45A5DE7DE826FB17C2A32345D782735E134562EC1E22DA38AAFB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:?~FSplAL9EsmdjuRsw0V4yzwr4nPUE....Kz/.F..k4`m5?o`uhD]:5..N1x..E.dh3.iO0N3uP+...u&{.x)-..w.`avu3..H9..m..2..K$...+.0.......,w.=%F..+!c..<.....wm.c....P{&..H../e.^....dq....P....U3..u ..S>..._."..]....y#.+A.^..&....Y.....s)]..ddG.k......F1E.yV.....#<1R yz.z4'.m.RBTMd3aVii5k1cme....GGUb~EFfcgA>9.<Ta./.8\3uPbkJT_o5E;..%kx.....sR#<1R yz.z4'.m.r..$.?aV.q5k$cme....G.!SG2l...:E..o4`.p....+~1..[...Z%...tTrD.:K..esUhI`d~.... ..s.._.2.......y;.R.#.h.7.............'.tbc..&.....:;.6.z..{s .O6.XYgd.p.......u0.....u.......+".....ct....N..d.....;.RB...3Xm.L.M..p.).E^..#.$.M...77..0]9.8......&....v...rC.{.7..]......k-lB..._5..e.......M+...!$.6.et...}......xoP.L..j<..@P....q..0..Y....u..>.hp.E..id*.i...tM;....M..8G.C.Sq..h.@5K...oM..Eo.vM1w........@.79`l.\..q.{../..@R..7!u...e.~/./.n...>..Q.. ..j.3...=...:..0y..L....e...8.H...m.MK...)..%.C....-..,....VX.b.=*../,..>.......O..../....Oj.O...\...%..d.....c....a.#.e......X...\l.......FW...U.5_<m.$0...w..Y6.A..[...

                                                                                                                                                                          C:\jar\META-INF\MANIFEST.MF

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\7za.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):132
                                                                                                                                                                          Entropy (8bit):4.8627675378464055
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:ZLCAWIzBEYtKEi8eUS1+XA48UpLVcc34gmMgX84oxXbB:1KItJtf9jQ4FpLS04wuoxXbB
                                                                                                                                                                          MD5:7E0C4A698600C0FBB1E4A685266F4BCB
                                                                                                                                                                          SHA1:C199C532C9A8FA76AA1619180A6B286E68F6D011
                                                                                                                                                                          SHA-256:4CB8D0B929BCF03368BADA06C623C8C7B5CEBBB890491FCB74B3EA4AF5B508C5
                                                                                                                                                                          SHA-512:89100059D0B343EC34A919DBA9341DBD4E4C1F7B31343AEAC59F132491C2654922026446868D5D1D7992186CD8C3D69CD02975D6C25BD9BD481EF20AF79B9AB1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:Manifest-Version: 1.0..Ant-Version: Apache Ant 1.10.8..Class-Path: ..Created-By: 1.8.0_281-b09 (Oracle Corporation)..Main-Class: i..

                                                                                                                                                                          C:\jar\dmi\zfn\n.class

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\7za.exe
                                                                                                                                                                          File Type:compiled Java class data, version 49.0 (Java 1.5)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6741
                                                                                                                                                                          Entropy (8bit):6.572048489662696
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:ykj7kIo1Ay4PgfCTPO1UK1WfVhSZR128Fz017N3gLWBkZt5vB21/H+jjSCl:yksPxCiaHV4n1fG7uLgkb5JSv+3
                                                                                                                                                                          MD5:58E62DD41815C55E4217D75195D47C13
                                                                                                                                                                          SHA1:16687F59C842C86768D86AF081B362647C673FE9
                                                                                                                                                                          SHA-256:8B3C0CF7193075D7DF2BD11EA42570DCD5C8F6F00177FBC04EB9FB896642686B
                                                                                                                                                                          SHA-512:AA6835DF6709521BB706386430D7EA481DA14477F1B3652FF77777A87DBD31BD06AB2C2AD03C799419545C1D5F0E826467AD940AC594265541473DFF26149C5A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.......1.....dmi/zfn/n......java/lang/Thread......T...[Ljava/lang/Object;...F...I...b...[Ljava/math/BigInteger;...<init>...(I)V...()V.......................<clinit>...java/math/BigInteger................run...j...(ILjava/lang/Object;)V.............java/lang/Exception......java/lang/Object............ ...[B.."...[I..$..z..................................................................................................................................&...java/lang/String..(...toCharArray...()[C..*.+..).,........................................................................................

                                                                                                                                                                          C:\jar\dmi\zfn\yz.class

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\7za.exe
                                                                                                                                                                          File Type:compiled Java class data, version 49.0 (Java 1.5)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6740
                                                                                                                                                                          Entropy (8bit):6.572760566280276
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:myMooIO19XQpP2yHV4nUAJl/G7uLgkb5JSv+3:mGOo52uV4nUAJl9g+ev+3
                                                                                                                                                                          MD5:F8D0642953F057FC50A4B4FAA3993940
                                                                                                                                                                          SHA1:199EAEDD2642B2AC876042815AFF4E592CE0056E
                                                                                                                                                                          SHA-256:A42B7D28D648DCABC0971AE51E016580AE52C2E1260F4B86225BD60DD2F4125E
                                                                                                                                                                          SHA-512:4271A653F6E4DD951D399E2C82A8AC862A783A9CA64536F43117846CED9E5C65AD69CDD5C5F40DC78FD9AF6E1FBAD5DA296493F6D787B22539D961121F1D3DB0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.......1.....dmi/zfn/yz......java/lang/Thread......b...[Ljava/lang/Object;...f...I...k...[Ljava/math/BigInteger;...<init>...(I)V...()V.......................<clinit>...java/math/BigInteger................run...r...(ILjava/lang/Object;)V.............java/lang/Exception......java/lang/Object............ ...[B.."...[I..$..~..................................................................................................................................&...java/lang/String..(...toCharArray...()[C..*.+..).,.......|..............................................................................

                                                                                                                                                                          C:\jar\h.class

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\7za.exe
                                                                                                                                                                          File Type:compiled Java class data, version 51.0 (Java 1.7)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):96073
                                                                                                                                                                          Entropy (8bit):6.367069960012185
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:5J0pQIWCVCxkRO7TG0qjwiYonnOKcaekrUKW75w0:P0VWCCXeGGNWf
                                                                                                                                                                          MD5:B33963A682E20D5C8838F65B096AB353
                                                                                                                                                                          SHA1:69E0421F31AE0EF82A7FBA6F180736334416443D
                                                                                                                                                                          SHA-256:414C4BA07402F52EA87002D873A4A51C73CED807B17FA798CF86DEF494919C5D
                                                                                                                                                                          SHA-512:13F95860F5951B43E955662FE42138845074C1CA976A14EE1087117344F6B45AFA54D5B944DDACE642F15DCA60C9E4AC68C048686D816A261714720CB3770B27
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.......3."...h......java/lang/ClassLoader......9Mezld4jLnNt...Ljava/lang/String;...8BZRygj0Zoaw...khZvQrm1rtyQ...AdelG3kb8OZ7...jKF4bMXAuTbH...UKBqTAOPXZ50...9fqw3uobLEX7...RWKdjHoOXXu0...xREaoAWwRaib...yH5l6gEiiD3w...SlBBPdYAAyb3...[B...aCWWGQ3Ekg3I...vQ6fU2SX4Lz9...qWQjRzelu2yL...Y6iu9DfNownL...IjX6g6DMhkfw...UETgR8ogoTPm...eWwDKaLFFzsJ...inNUUxhnWsX0...9PHD620JLUe5...101WFsSpdnXQ...xrRZCmp2SLdI...ZFZ92iYj2uWR...HgeQ2Pwb40oq...guxpt4b08nIq...u67BWUPGteUh...WrzHgTx67xCk...VlxXhoBXMCxs...3EyC4NxTX2q6...YBQMyUu1qLCB...4aymjjpjTCGK...PwvIIj3cfJuB...JAopKUonO18A...W3GWWY09fKI3...ywg8vNeR8Zzn...bgMuMqSFc1uy...xaUQVogdvaL6...YeZHEvozSrAc...TTlCdERaTiK8...czvtwIK8YONe...ewQKcMkF14Cp...WzSElg2hA7YL...AkwF463hyS9M...I5U9gMHAW2ZE...v1NRqqU95Oy9...w1xBy2OLTw6H...wxezy4zi2SIu...1UIfhzgdUaKj...9FFpWCtAyVPH...F25wqcf2QV3N...Q2Yguy0SVMkg...k8NOeDOOvabQ...pGJ112iWSrbJ...tAVM6P6e1q1b...sWX3W2jknq7J...s2KKEGcHVmpd...Ljava/util/HashMap;...oVdzmV7AgNqh...dLcma1hZ5jSb...iEL4PbBvYu3Z...H6B9Tb05ugj4...2M1IT

                                                                                                                                                                          C:\jar\i.class

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\7za.exe
                                                                                                                                                                          File Type:compiled Java class data, version 51.0 (Java 1.7)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):92451
                                                                                                                                                                          Entropy (8bit):5.63652685164869
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:J9YAsMe+nZ53JaLiop//zqy20IMUOJAkHOznzjo:7XdeqNILvR/zqyPUOJAkyA
                                                                                                                                                                          MD5:F9492E32D72F79E213C65680AB81E17E
                                                                                                                                                                          SHA1:1E2713FAD36DADA526BA6EF9C23ECBF7DC3DF757
                                                                                                                                                                          SHA-256:16DB6475B660CDD2BE3BF5013B882D791E415B1E50F9FE1E8076A95B06803EB1
                                                                                                                                                                          SHA-512:645CDE1BE4E07E4075E91174D43B823719DCE0980795B39CB8F8C5624504009244482C240D46B80CEC73B6DE49F19D0D675096C57D134948FDD1DE31E80C7B4D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.......3.....i......java/lang/Object......O14KCE1B0Hl1...()V...oGN03Xk8vJ6s...java/lang/Throwable......344kesGdFxP8.................v......Q..&(Ljava/lang/Object;)Ljava/lang/String;.............zA..J(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;.................1dem919.................................................................!...-1j8jn1e..'(Ljava/lang/Object;Ljava/lang/Object;)Z..#.$....%..-#....uy..(...L...(I)Ljava/lang/Object;..*.+..).,...java/io/PrintStream.....0..................0...14448sg..'(Ljava/lang/Object;Ljava/lang/Object;)V..2.3....4...java/lang/String..6..0..................8...efg8se..:.$....;..0..................=...1f6kFsdlY16C...0ZnKyF0WbkKn...zCSDkFLSR4Xy...main...([Ljava/lang/String;)V.@(.......@S.......@V@........[Ljava/lang/String;..J.. ........

                                                                                                                                                                          C:\jar\jn.class

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\7za.exe
                                                                                                                                                                          File Type:compiled Java class data, version 49.0 (Java 1.5)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6729
                                                                                                                                                                          Entropy (8bit):6.569279980038616
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:wnjzZCmDO3nrTG16K1WfVhSZRosf8Fz017N3gLWBkZt5vB21/H+jjSCl:wn3ZChnrC0HV4nosmG7uLgkb5JSv+3
                                                                                                                                                                          MD5:A9EAD374D8C54A8DA5C85E39977613C3
                                                                                                                                                                          SHA1:DFD332F451F6A92537A0E1788AE067457DDE6EE5
                                                                                                                                                                          SHA-256:40C9100F313EAB069272032B2EAF89E925C6608283AAF49E3A76E0E8B43A7D63
                                                                                                                                                                          SHA-512:FF8DF43B3D6784CBD8593FEF67885A2105BD26C07C0A5D513728CF4E6C5733619F50DAF66EAD7BB8E99C11916AAE29F60555B431BDDD49682D1538FB0384D455
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.......1.....jn......java/lang/Thread......S...[Ljava/lang/Object;...r...I...Z...[Ljava/math/BigInteger;...<init>...(I)V...()V.......................<clinit>...java/math/BigInteger................run...O...(ILjava/lang/Object;)V.............java/lang/Exception......java/lang/Object............ ...[B.."...[I..$..z..........................P.......................................................................................................&...java/lang/String..(...toCharArray...()[C..*.+..).,.......|...................................................................................

                                                                                                                                                                          C:\jar\uy.class

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\7za.exe
                                                                                                                                                                          File Type:compiled Java class data, version 49.0 (Java 1.5)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7313
                                                                                                                                                                          Entropy (8bit):6.5454893593082115
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:h9K2kc56TLX/kRQ5j8coX8F4Mah4w42cZp0Msm+TJ:W3fTLeOj8n8Flah4w42cZp0Msm+t
                                                                                                                                                                          MD5:12CEF1A893B3D0FBF1F5EF5D214ECAD8
                                                                                                                                                                          SHA1:5C7EF982BB89A5BF81E28BD840A87DA1F7892C38
                                                                                                                                                                          SHA-256:3A1D8A32A5F6F77DDDBB268F31440AB65A834252058F0B059A1048CF8DDE6554
                                                                                                                                                                          SHA-512:3D1FFAB7F2CE54FD5FF5A7168C6A13F40E934D35EC0AEF6903253C066A2555790AC54960CBA468E2494BDFE463DC3A7E593D80642A930E354F83D8B31543FF75
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.......1.....uy......java/lang/Object......i...[Ljava/lang/Object;...H...[Ljava/lang/Class;...a...[I...t...[S...Y...I...q...<clinit>...()V.................v......Q..&(Ljava/lang/Object;)Ljava/lang/String;.............java/lang/Integer......parseInt...(Ljava/lang/String;)I................... ...............".........$.........&...java/lang/Class..(.........*.........,..8..............................................................................................................java/lang/String..0...toCharArray...()[C..2.3..1.4.........6.........................................................8...<init>..:......;...y...(II)Ljava/lang/Class;.......

                                                                                                                                                                          C:\jar\v.class

                                                                                                                                                                          Download File
                                                                                                                                                                          Process:C:\Windows\System32\7za.exe
                                                                                                                                                                          File Type:compiled Java class data, version 49.0 (Java 1.5)
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6728
                                                                                                                                                                          Entropy (8bit):6.573927731010761
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:vyjexUiTELKOhuRlQksZlSzK1WfVhSZRxr8Fz017N3grWY5QEvB21/H+jjSzl:vyKRAKRlUH2HV4nxyG7urVJSv+0
                                                                                                                                                                          MD5:75973E2B70F78D7DD0F8AC587135DC79
                                                                                                                                                                          SHA1:DA654D8ECD756328CE682A476D1ED1313B1E3CEF
                                                                                                                                                                          SHA-256:92730B79F99B73D738CB84B201A52D5354EA26F1F0B67981BD31A725AAF8B1C1
                                                                                                                                                                          SHA-512:DE657D9EFC4DCAAB4610D6692B6272D7EDD5C970B7006A3ABEE9B691BAA0B7EAF5744231F741DB65747EE240F86FB9F4E064127400DA3ECE69491FBC667A9C9F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.......1.....v......java/lang/Thread......t...[Ljava/lang/Object;...T...I...h...[Ljava/math/BigInteger;...<init>...(I)V...()V.......................<clinit>...java/math/BigInteger................run...x...(ILjava/lang/Object;)V.............java/lang/Exception......java/lang/Object............ ...[B.."...[I..$..|..................................................................................................................................&...java/lang/String..(...toCharArray...()[C..*.+..).,.......}..................................................................................

                                                                                                                                                                          Static File Info

                                                                                                                                                                          General

                                                                                                                                                                          File type:Zip archive data, at least v2.0 to extract
                                                                                                                                                                          Entropy (8bit):7.998158113500637
                                                                                                                                                                          TrID:
                                                                                                                                                                          • Java Archive (13504/1) 62.80%
                                                                                                                                                                          • ZIP compressed archive (8000/1) 37.20%
                                                                                                                                                                          File name:CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar
                                                                                                                                                                          File size:189561
                                                                                                                                                                          MD5:8535942f58ba61ce5ce0755d7570f22f
                                                                                                                                                                          SHA1:fb6c95fa16c2e91f22ac4e8d73233962e645c6bd
                                                                                                                                                                          SHA256:308dcf6540932d062dd10a24fefd25d6660afe60dea76c9fa5612ae0f4cb4cda
                                                                                                                                                                          SHA512:9ac96be4ae70460ee80918598584d88e765173b5f143eb094c0f66c5d4a942370c45ff60599aedcee38fbf15901a0e198f11057821bf2b8907c4a9a9387e10c9
                                                                                                                                                                          SSDEEP:3072:CFysmYDJzvFDX7kwZcOPgDffPJpVww1CtoVZQzDeQ15vChXbn24RmTzIBTjIg:lsdJzdksPgDf3jVpCtoj6DeQ112XjEoD
                                                                                                                                                                          TLSH:7004133C51562C0AC0FA51F69924CAFBEFEE083BE45758B12FF715CEA4416839F6124A
                                                                                                                                                                          File Content Preview:PK........pO.UJ..1s...........META-INF/MANIFEST.MF.M..LK-...K-*....R0.3..r.C.q,HL.HU...%...,x..s...u..K2..........].J.v.=.x#.C.$.K.......T..........y..\...y.`#..2y..PK.........N.U..L.....Iw......h.class..gtk.u&..xU~...$..$..yd.9Xj..s...s..n/1. .... .&....

                                                                                                                                                                          File Icon

                                                                                                                                                                          Icon Hash:d28c8e8ea2868ad6

                                                                                                                                                                          Network Behavior

                                                                                                                                                                          No network behavior found

                                                                                                                                                                          Statistics

                                                                                                                                                                          Behavior

                                                                                                                                                                          Click to jump to process

                                                                                                                                                                          System Behavior

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:1
                                                                                                                                                                          Start time:15:05:53
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar"
                                                                                                                                                                          Imagebase:0x7ff6edbd0000
                                                                                                                                                                          File size:273920 bytes
                                                                                                                                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:3
                                                                                                                                                                          Start time:15:05:53
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\System32\7za.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:7za.exe x -y -oC:\jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar"
                                                                                                                                                                          Imagebase:0xab0000
                                                                                                                                                                          File size:289792 bytes
                                                                                                                                                                          MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:5
                                                                                                                                                                          Start time:15:05:56
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Windows\System32\cmd.exe" /c java.exe -jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar" i >> C:\cmdlinestart.log 2>&1
                                                                                                                                                                          Imagebase:0x7ff6edbd0000
                                                                                                                                                                          File size:273920 bytes
                                                                                                                                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:6
                                                                                                                                                                          Start time:15:05:57
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                          Imagebase:0x7ff6406f0000
                                                                                                                                                                          File size:625664 bytes
                                                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:7
                                                                                                                                                                          Start time:15:05:57
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:java.exe -jar "C:\Users\user\Desktop\CMTNGTFESJRKMAMSPWITGCAGOVGAFQODETEHLFVAACNQUJQP.jar" i
                                                                                                                                                                          Imagebase:0x2e0000
                                                                                                                                                                          File size:192376 bytes
                                                                                                                                                                          MD5 hash:28733BA8C383E865338638DF5196E6FE
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:Java
                                                                                                                                                                          Reputation:high

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:8
                                                                                                                                                                          Start time:15:05:59
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
                                                                                                                                                                          Imagebase:0x380000
                                                                                                                                                                          File size:29696 bytes
                                                                                                                                                                          MD5 hash:FF0D1D4317A44C951240FAE75075D501
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:10
                                                                                                                                                                          Start time:15:05:59
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                          Imagebase:0x7ff6406f0000
                                                                                                                                                                          File size:625664 bytes
                                                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:11
                                                                                                                                                                          Start time:15:06:01
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:wmic CPU get ProcessorId
                                                                                                                                                                          Imagebase:0xaa0000
                                                                                                                                                                          File size:391680 bytes
                                                                                                                                                                          MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:12
                                                                                                                                                                          Start time:15:06:02
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                          Imagebase:0x7ff6406f0000
                                                                                                                                                                          File size:625664 bytes
                                                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:13
                                                                                                                                                                          Start time:15:06:03
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:wmic bios get serialnumber
                                                                                                                                                                          Imagebase:0xaa0000
                                                                                                                                                                          File size:391680 bytes
                                                                                                                                                                          MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:14
                                                                                                                                                                          Start time:15:06:04
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                          Imagebase:0x7ff6406f0000
                                                                                                                                                                          File size:625664 bytes
                                                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:15
                                                                                                                                                                          Start time:15:06:06
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:wmic csproduct get name
                                                                                                                                                                          Imagebase:0xaa0000
                                                                                                                                                                          File size:391680 bytes
                                                                                                                                                                          MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:16
                                                                                                                                                                          Start time:15:06:06
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                          Imagebase:0x7ff6406f0000
                                                                                                                                                                          File size:625664 bytes
                                                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:17
                                                                                                                                                                          Start time:15:06:11
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:wmic csproduct get UUID
                                                                                                                                                                          Imagebase:0xaa0000
                                                                                                                                                                          File size:391680 bytes
                                                                                                                                                                          MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:18
                                                                                                                                                                          Start time:15:06:11
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                          Imagebase:0x7ff6406f0000
                                                                                                                                                                          File size:625664 bytes
                                                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:19
                                                                                                                                                                          Start time:15:06:13
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:cmd.exe /c ver
                                                                                                                                                                          Imagebase:0xed0000
                                                                                                                                                                          File size:232960 bytes
                                                                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                                                                          General

                                                                                                                                                                          Target ID:20
                                                                                                                                                                          Start time:15:06:13
                                                                                                                                                                          Start date:05/08/2022
                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                          Imagebase:0x7ff6406f0000
                                                                                                                                                                          File size:625664 bytes
                                                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                                                                          Disassembly

                                                                                                                                                                          No disassembly