Windows Analysis Report
12-09-2022 S#U0130PAR#U0130#U015e.docx.doc

Overview

General Information

Sample Name: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc
Analysis ID: 701320
MD5: 7e8133cf5f56adcfafb9bc91390c9fe7
SHA1: 2cc6471245901e51565ad69df6b8586629965cf1
SHA256: 7859fd95c60a0d76fa99eb42277501b20f76a377c1395b504acff5dd22533027
Tags: doc

Detection

AdWind
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (creates forbidden files)
Multi AV Scanner detection for submitted file
Yara detected AdWind RAT
Document contains OLE streams which likely are hidden ActiveX objects
Document exploit detected (process start blacklist hit)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Found inlined nop instructions (likely shell or obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Detected potential crypto function
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Document misses a certain OLE stream usually present in this Microsoft Office document type
Abnormal high CPU Usage

Classification

AV Detection

Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc ReversingLabs: Detection: 26%
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Virustotal: Detection: 17%
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\a0v2H8.jar
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process created: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 5x nop then dec eax 3_2_02A10237
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 5x nop then dec eax 10_2_029E1477
Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking=
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checkingP
Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psviK
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvic
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/element-default
Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/element-defaultA
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-valueB
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdefD
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef:
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdefs
Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
Source: javaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris6
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language;
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-languageS
Source: javaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude1
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xincludec
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/
Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/D
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/current-element-node
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/current-element-node9
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/document-class-name
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/document-class-name$
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/input-buffer-size
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/input-buffer-sizeternal
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory:
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factoryK
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner7
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/document-scannerk
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor5
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor;
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner8
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager8
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver1
Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/k
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace0
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace;
Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtdV
Source: javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state#
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-stateeFromDO
Source: javaw.exe, 00000003.00000002.1007607362.000000005912A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961135410.0000000059112000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967577855.000000005911F000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1018446449.00000000591B3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1014550524.00000000591AB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1008158290.0000000059149000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.991312019.00000000590C9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1063932993.00000000591BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
Source: javaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
Source: javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/
Source: javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
Source: javaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD;
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTDs
Source: javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
Source: javaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemaD
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemas3p
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/e3
Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/sRv
Source: javaw.exe, 00000003.00000002.1046522557.00000000D747C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/feature/use-service-mechanismjectI
Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/feature/use-service-mechanismkTv
Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimithe/xerces/
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/java/io/Object
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepths
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimitc3r
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
Source: javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD=
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entities7
Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entitiesS
Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D9320A51-5E17-41AC-AA14-257027C1CCDA}.tmp

System Summary

Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Stream path '\x1Ole10Native' : ....a0v2H8.jar.C:\Users\MICROSOFT\AppData\Local\Mi
Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr Stream path '_1724495465/\x1Ole10Native' : ....a0v2H8.jar.C:\Users\MICROSOFT\AppData\Local\Mi
Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr Stream path '_1724495487/\x1Ole10Native' : 4....a0v2H8.jar.C:\Users\MICROSOFT\AppData\Local\M
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 3_2_029336A1 3_2_029336A1
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 3_2_029344C9 3_2_029344C9
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 3_2_02A0AB3C 3_2_02A0AB3C
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 3_2_02A0A6B7 3_2_02A0A6B7
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 3_2_02A0AFC3 3_2_02A0AFC3
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 3_2_02A0B481 3_2_02A0B481
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 10_2_029036A1 10_2_029036A1
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 10_2_029044C9 10_2_029044C9
Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process Stats: CPU usage > 98%
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc ReversingLabs: Detection: 26%
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Virustotal: Detection: 17%
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process created: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe "C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\a0v2H8.jar"
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic CPU get ProcessorId
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumber
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get name
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get UUID
Source: C:\Windows\System32\wbem\WMIC.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.LNK.0.dr LNK file: ..\..\..\..\..\Desktop\12-09-2022 S#U0130PAR#U0130#U015e.docx.doc
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc OLE indicator, Word Document stream: true
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - SELECT ProcessorId FROM WIN32_PROCESSOR
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\Desktop\~$-09-2022 S#U0130PAR#U0130#U015e.docx.doc
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVR4FF3.tmp
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Section loaded: C:\Program Files\Java\jre1.8.0_121\bin\server\jvm.dll
Source: classification engine Classification label: mal80.troj.expl.evad.winDOC@21/13@0/0
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc OLE document summary: title field not present or empty
Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr OLE document summary: title field not present or empty
Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr OLE document summary: author field not present or empty
Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr OLE document summary: edited time not present or 0
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Initial sample: OLE zip file path = word/media/image3.emf
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Initial sample: OLE indicators vbamacros = False
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Stream path '\x1Ole10Native' entropy: 7.99740193304 (max. 8.0)
Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr Stream path '_1724495465/\x1Ole10Native' entropy: 7.99740193304 (max. 8.0)
Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr Stream path '_1724495487/\x1Ole10Native' entropy: 7.9976081212 (max. 8.0)

Malware Analysis System Evasion

Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - SELECT SerialNumber FROM Win32_BIOS
Source: C:\Windows\System32\wbem\WMIC.exe TID: 1832 Thread sleep time: -240000s >= -30000s
Source: C:\Windows\System32\wbem\WMIC.exe TID: 2448 Thread sleep time: -300000s >= -30000s
Source: C:\Windows\System32\wbem\WMIC.exe TID: 1696 Thread sleep time: -180000s >= -30000s
Source: C:\Windows\System32\wbem\WMIC.exe TID: 2960 Thread sleep time: -240000s >= -30000s
Source: C:\Windows\System32\wbem\WMIC.exe TID: 2420 Thread sleep time: -240000s >= -30000s
Source: C:\Windows\System32\wbem\WMIC.exe TID: 2156 Thread sleep time: -240000s >= -30000s
Source: C:\Windows\System32\wbem\WMIC.exe TID: 1516 Thread sleep time: -180000s >= -30000s
Source: C:\Windows\System32\wbem\WMIC.exe TID: 2324 Thread sleep time: -240000s >= -30000s
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - SELECT ProcessorId FROM WIN32_PROCESSOR
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - SELECT Name FROM Win32_ComputerSystemProduct
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - SELECT UUID FROM Win32_ComputerSystemProduct
Source: javaw.exe, 0000000A.00000002.1068786516.00000000D56B8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual Platform
Source: WMIC.exe, 00000008.00000002.975345271.00000000004B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <COMMAND SEQUENCENUM="1" ISSUEDFROM="936905" STARTTIME="09-12-2022T13:45:50" EVERYCOUNT="0"><REQUEST><COMMANDLINE> csproduct get name</COMMANDLINE><COMMANDLINECOMPONENTS><NODELIST><NODE>936905</NODE></NODELIST></COMMANDLINECOMPONENTS><CONTEXT><NAMESPACE>root\cimv2</NAMESPACE><ROLE>root\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_409</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT></REQUEST><RESULTS NODE="936905"><CIM><INSTANCE CLASSNAME="Win32_ComputerSystemProduct"><PROPERTY NAME="Name" TYPE="string"><VALUE>VMware Virtual Platform</VALUE></PROPERTY></INSTANCE></CIM></RESULTS></COMMAND>[
Source: WMIC.exe, 00000008.00000003.973024787.000000000047F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: .VMware Virtual Platform\\
Source: javaw.exe, 0000000A.00000002.1068786516.00000000D56B8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual Platform
Source: javaw.exe, 00000003.00000002.984671724.00000000022E7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: [Ljava/lang/VirtualMachineError;
Source: javaw.exe, 00000003.00000002.1011501630.00000000D56B8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: PVMware Virtual Platform
Source: javaw.exe, 0000000A.00000003.973327945.00000000575B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: WMIC.exe, 00000008.00000002.975345271.00000000004B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: rMMAND SEQUENCENUM="1" ISSUEDFROM="936905" STARTTIME="09-12-2022T13:45:50" EVERYCOUNT="0"><REQUEST><COMMANDLINE> csproduct get name</COMMANDLINE><COMMANDLINECOMPONENTS><NODELIST><NODE>936905</NODE></NODELIST></COMMANDLINECOMPONENTS><CONTEXT><NAMESPACE>root\cimv2</NAMESPACE><ROLE>root\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_409</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT></REQUEST><RESULTS NODE="936905"><CIM><INSTANCE CLASSNAME="Win32_ComputerSystemProduct"><PROPERTY NAME="Name" TYPE="string"><VALUE>VMware Virtual Platform</VALUE></PROPERTY></INSTANCE></CIM></RESULTS></COMMAND>
Source: javaw.exe, 00000003.00000003.943495510.0000000057640000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: java/lang/VirtualMachineError.classPK
Source: WMIC.exe, 00000008.00000002.975193932.0000000000494000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C.VMware Virtual Platform
Source: WMIC.exe, 00000008.00000002.975345271.00000000004B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <RESULTS NODE="936905"><CIM><INSTANCE CLASSNAME="Win32_ComputerSystemProduct"><PROPERTY NAME="Name" TYPE="string"><VALUE>VMware Virtual Platform</VALUE></PROPERTY></INSTANCE></CIM></RESULTS>
Source: WMIC.exe, 00000008.00000003.973097257.00000000004B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: HULTS NODE="936905"><CIM><INSTANCE CLASSNAME="Win32_ComputerSystemProduct"><PROPERTY NAME="Name" TYPE="string"><VALUE>VMware Virtual Platform</VALUE></PROPERTY></INSTANCE></CIM>
Source: WMIC.exe, 00000008.00000003.973024787.000000000047F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ComputerSystemProductVMware Virtual Platform.22
Source: WMIC.exe, 00000008.00000002.974919623.000000000047F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <RESULTS NODE="936905"><CIM><INSTANCE CLASSNAME="Win32_ComputerSystemProduct"><PROPERTY NAME="Name" TYPE="string"><VALUE>VMware Virtual Platform</VALUE></PROPERTY></INSTANCE></CIM></RESULTS>oot\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_409</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT>
Source: javaw.exe, 0000000A.00000003.973327945.00000000575B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: javaw.exe, 00000003.00000002.984671724.00000000022E7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: java/lang/VirtualMachineError
Source: WMIC.exe, 00000008.00000003.973024787.000000000047F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 6VMware Virtual Platform
Source: javaw.exe, 0000000A.00000003.973327945.00000000575B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: WMIC.exe, 00000008.00000002.975193932.0000000000494000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: /.VMware Virtual Platform
Source: WMIC.exe, 00000008.00000003.973097257.00000000004B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <COMMAND SEQUENCENUM="1" ISSUEDFROM="936905" STARTTIME="09-12-2022T13:45:50" EVERYCOUNT="0"><REQUEST><COMMANDLINE> csproduct get name</COMMANDLINE><COMMANDLINECOMPONENTS><NODELIST><NODE>936905</NODE></NODELIST></COMMANDLINECOMPONENTS><CONTEXT><NAMESPACE>root\cimv2</NAMESPACE><ROLE>root\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_409</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT></REQUEST><RESULTS NODE="936905"><CIM><INSTANCE CLASSNAME="Win32_ComputerSystemProduct"><PROPERTY NAME="Name" TYPE="string"><VALUE>VMware Virtual Platform</VALUE></PROPERTY></INSTANCE></CIM></RESULTS></COMMAND>
Source: javaw.exe, 0000000A.00000002.1068786516.00000000D56B8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: #VMware Virtual Platform#
Source: WMIC.exe, 00000008.00000002.975345271.00000000004B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <CIM><INSTANCE CLASSNAME="Win32_ComputerSystemProduct"><PROPERTY NAME="Name" TYPE="string"><VALUE>VMware Virtual Platform</VALUE></PROPERTY></INSTANCE></CIM>ystem32\cmo
Source: WMIC.exe, 00000008.00000002.975345271.00000000004B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <COMMAND SEQUENCENUM="1" ISSUEDFROM="936905" STARTTIME="09-12-2022T13:45:50" EVERYCOUNT="0"><REQUEST><COMMANDLINE> csproduct get name</COMMANDLINE><COMMANDLINECOMPONENTS><NODELIST><NODE>936905</NODE></NODELIST></COMMANDLINECOMPONENTS><CONTEXT><NAMESPACE>root\cimv2</NAMESPACE><ROLE>root\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_409</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT></REQUEST><RESULTS NODE="936905"><CIM><INSTANCE CLASSNAME="Win32_ComputerSystemProduct"><PROPERTY NAME="Name" TYPE="string"><VALUE>VMware Virtual Platform</VALUE></PROPERTY></INSTANCE></CIM></RESULTS>h
Source: WMIC.exe, 00000008.00000002.975345271.00000000004B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CULTS NODE="936905"><CIM><INSTANCE CLASSNAME="Win32_ComputerSystemProduct"><PROPERTY NAME="Name" TYPE="string"><VALUE>VMware Virtual Platform</VALUE></PROPERTY></INSTANCE></CIM>
Source: WMIC.exe, 00000008.00000003.973024787.000000000047F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: .VMware Virtual Platform
Source: WMIC.exe, 00000008.00000003.973216204.000000000047F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <RESULTS NODE="936905"><CIM><INSTANCE CLASSNAME="Win32_ComputerSystemProduct"><PROPERTY NAME="Name" TYPE="string"><VALUE>VMware Virtual Platform</VALUE></PROPERTY></INSTANCE></CIM></RESULTS>oot\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_409</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT>j
Source: WMIC.exe, 00000008.00000003.974219765.000000000240B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ComputerSystemProductVMware Virtual Platformk
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Memory protected: page read and write | page guard
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic CPU get ProcessorId
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumber
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get name
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get UUID
Source: C:\Windows\System32\wbem\WMIC.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: 0000000A.00000002.1107491922.00000000D7403000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1046522557.00000000D747C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.1108130731.00000000D7479000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1045659100.00000000D7407000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: javaw.exe PID: 1952, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: javaw.exe PID: 1316, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: 0000000A.00000002.1107491922.00000000D7403000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1046522557.00000000D747C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.1108130731.00000000D7479000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1045659100.00000000D7407000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: javaw.exe PID: 1952, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: javaw.exe PID: 1316, type: MEMORYSTR
No contacted IP infos