Windows Analysis Report
12-09-2022 S#U0130PAR#U0130#U015e.docx.doc

Overview

General Information

Sample Name: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc
Analysis ID: 701320
MD5: 7e8133cf5f56adcfafb9bc91390c9fe7
SHA1: 2cc6471245901e51565ad69df6b8586629965cf1
SHA256: 7859fd95c60a0d76fa99eb42277501b20f76a377c1395b504acff5dd22533027
Tags: doc
Infos:

Detection

AdWind
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (creates forbidden files)
Multi AV Scanner detection for submitted file
Yara detected AdWind RAT
Document contains OLE streams which likely are hidden ActiveX objects
Document exploit detected (process start blacklist hit)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Found inlined nop instructions (likely shell or obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Detected potential crypto function
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Document misses a certain OLE stream usually present in this Microsoft Office document type
Abnormal high CPU Usage

Classification

  • System is w7x64
  • WINWORD.EXE (PID: 1216 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • javaw.exe (PID: 1952 cmdline: "C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\a0v2H8.jar" MD5: 7F0467C3AA5BDAF44BBC824AC81359D0)
      • WMIC.exe (PID: 2452 cmdline: wmic CPU get ProcessorId MD5: FD902835DEAEF4091799287736F3A028)
      • WMIC.exe (PID: 2308 cmdline: wmic bios get serialnumber MD5: FD902835DEAEF4091799287736F3A028)
      • WMIC.exe (PID: 772 cmdline: wmic csproduct get name MD5: FD902835DEAEF4091799287736F3A028)
      • WMIC.exe (PID: 1916 cmdline: wmic csproduct get UUID MD5: FD902835DEAEF4091799287736F3A028)
    • javaw.exe (PID: 1316 cmdline: "C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\a0v2H8.jar" MD5: 7F0467C3AA5BDAF44BBC824AC81359D0)
      • WMIC.exe (PID: 2016 cmdline: wmic CPU get ProcessorId MD5: FD902835DEAEF4091799287736F3A028)
      • WMIC.exe (PID: 2344 cmdline: wmic bios get serialnumber MD5: FD902835DEAEF4091799287736F3A028)
      • WMIC.exe (PID: 316 cmdline: wmic csproduct get name MD5: FD902835DEAEF4091799287736F3A028)
      • WMIC.exe (PID: 2496 cmdline: wmic csproduct get UUID MD5: FD902835DEAEF4091799287736F3A028)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000A.00000002.1107491922.00000000D7403000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AdWind_2 | Yara detected AdWind RAT | Joe Security |
00000003.00000002.1046522557.00000000D747C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AdWind_2 | Yara detected AdWind RAT | Joe Security |
0000000A.00000002.1108130731.00000000D7479000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AdWind_2 | Yara detected AdWind RAT | Joe Security |
00000003.00000002.1045659100.00000000D7407000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AdWind_2 | Yara detected AdWind RAT | Joe Security |
Process Memory Space: javaw.exe PID: 1952 | JoeSecurity_AdWind_2 | Yara detected AdWind RAT | Joe Security |
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc | ReversingLabs: Detection: 26%
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc | Virustotal: Detection: 17%
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Temp\a0v2H8.jar
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process created: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe | Code function: 5x nop then dec eax
Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe | Code function: 5x nop then dec eax
            Source: javaw.exe, 00000003.00000003.962091806.0000000059B79000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.966769903.0000000059B80000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.956399008.0000000059B48000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008163731.0000000059B80000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1018446449.00000000591B3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1014550524.00000000591AB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1008158290.0000000059149000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.991312019.00000000590C9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1063932993.00000000591BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-treesdSkip
            Source: javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/dynamic
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/dynamicK
            Source: javaw.exe, 00000003.00000003.962091806.0000000059B79000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.966769903.0000000059B80000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.956399008.0000000059B48000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008163731.0000000059B80000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1018446449.00000000591B3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1014550524.00000000591AB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1008158290.0000000059149000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.991312019.00000000590C9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1063932993.00000000591BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/dynamictURI
            Source: javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking
            Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking=
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema-full-checkingP
            Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psviK
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvic
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/element-default
            Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/element-defaultA
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
            Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-valueB
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdefD
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef:
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdefs
            Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
            Source: javaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris6
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language;
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-languageS
            Source: javaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude1
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xincludec
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/
            Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/D
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/current-element-node
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/current-element-node9
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/document-class-name
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/document-class-name$
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/input-buffer-size
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/input-buffer-sizeternal
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory:
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factoryK
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
            Source: javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/document-scanner7
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/document-scannerk
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor5
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor;
            Source: javaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage4
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguagec
            Source: javaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
            Source: javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource7
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/
            Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/k
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
            Source: javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace0
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace;
            Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtdV
            Source: javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
            Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state#
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-stateeFromDO
            Source: javaw.exe, 00000003.00000002.1007607362.000000005912A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961135410.0000000059112000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967577855.000000005911F000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1018446449.00000000591B3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1014550524.00000000591AB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1008158290.0000000059149000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.991312019.00000000590C9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1063932993.00000000591BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
            Source: javaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
            Source: javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/
            Source: javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
            Source: javaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD;
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTDs
            Source: javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
            Source: javaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemaD
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemas3p
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/e3
            Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/sRv
            Source: javaw.exe, 00000003.00000002.1046522557.00000000D747C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
            Source: javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/feature/use-service-mechanismjectI
            Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/feature/use-service-mechanismkTv
            Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimithe/xerces/
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
            Source: javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/java/io/Object
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepths
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
            Source: javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimitc3r
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
            Source: javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D9320A51-5E17-41AC-AA14-257027C1CCDA}.tmp

            System Summary

            Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Stream path '\x1Ole10Native' : ....a0v2H8.jar.C:\Users\MICROSOFT\AppData\Local\Mi
            Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr Stream path '_1724495465/\x1Ole10Native' : ....a0v2H8.jar.C:\Users\MICROSOFT\AppData\Local\Mi
            Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr Stream path '_1724495487/\x1Ole10Native' : 4....a0v2H8.jar.C:\Users\MICROSOFT\AppData\Local\M
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 3_2_029336A1
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 3_2_029344C9
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 3_2_02A0AB3C
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 3_2_02A0A6B7
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 3_2_02A0AFC3
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 3_2_02A0B481
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 10_2_029036A1
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Code function: 10_2_029044C9
            Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process Stats: CPU usage > 98%
            Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc ReversingLabs: Detection: 26%
            Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Virustotal: Detection: 17%
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process created: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe "C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\a0v2H8.jar"
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic CPU get ProcessorId
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumber
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get name
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get UUID
            Source: C:\Windows\System32\wbem\WMIC.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
            Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.LNK.0.dr LNK file: ..\..\..\..\..\Desktop\12-09-2022 S#U0130PAR#U0130#U015e.docx.doc
            Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc OLE indicator, Word Document stream: true
            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - SELECT ProcessorId FROM WIN32_PROCESSOR
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\Desktop\~$-09-2022 S#U0130PAR#U0130#U015e.docx.doc
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVR4FF3.tmp
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Section loaded: C:\Program Files\Java\jre1.8.0_121\bin\server\jvm.dll
            Source: classification engine Classification label: mal80.troj.expl.evad.winDOC@21/13@0/0
            Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc OLE document summary: title field not present or empty
            Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr OLE document summary: title field not present or empty
            Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr OLE document summary: author field not present or empty
            Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr OLE document summary: edited time not present or 0
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Initial sample: OLE zip file path = word/media/image3.emf
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
            Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Initial sample: OLE indicators vbamacros = False
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Stream path '\x1Ole10Native' entropy: 7.99740193304 (max. 8.0)
            Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr Stream path '_1724495465/\x1Ole10Native' entropy: 7.99740193304 (max. 8.0)
            Source: ~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp.0.dr Stream path '_1724495487/\x1Ole10Native' entropy: 7.9976081212 (max. 8.0)

            Malware Analysis System Evasion

            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - SELECT SerialNumber FROM Win32_BIOS
            Source: C:\Windows\System32\wbem\WMIC.exe TID: 1832 Thread sleep time: -240000s >= -30000s
            Source: C:\Windows\System32\wbem\WMIC.exe TID: 2448 Thread sleep time: -300000s >= -30000s
            Source: C:\Windows\System32\wbem\WMIC.exe TID: 1696 Thread sleep time: -180000s >= -30000s
            Source: C:\Windows\System32\wbem\WMIC.exe TID: 2960 Thread sleep time: -240000s >= -30000s
            Source: C:\Windows\System32\wbem\WMIC.exe TID: 2420 Thread sleep time: -240000s >= -30000s
            Source: C:\Windows\System32\wbem\WMIC.exe TID: 2156 Thread sleep time: -240000s >= -30000s
            Source: C:\Windows\System32\wbem\WMIC.exe TID: 1516 Thread sleep time: -180000s >= -30000s
            Source: C:\Windows\System32\wbem\WMIC.exe TID: 2324 Thread sleep time: -240000s >= -30000s
            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - SELECT ProcessorId FROM WIN32_PROCESSOR
            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - SELECT Name FROM Win32_ComputerSystemProduct
            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - SELECT UUID FROM Win32_ComputerSystemProduct
            Source: javaw.exe, 0000000A.00000002.1068786516.00000000D56B8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual Platform
            Source: WMIC.exe, 00000008.00000002.975345271.00000000004B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <COMMAND SEQUENCENUM="1" ISSUEDFROM="936905" STARTTIME="09-12-2022T13:45:50" EVERYCOUNT="0"><REQUEST><COMMANDLINE> csproduct get name</COMMANDLINE><COMMANDLINECOMPONENTS><NODELIST><NODE>936905</NODE></NODELIST></COMMANDLINECOMPONENTS><CONTEXT><NAMESPACE>root\cimv2</NAMESPACE><ROLE>root\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_409</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT></REQUEST><RESULTS NODE="936905"><CIM><INSTANCE CLASSNAME="Win32_ComputerSystemProduct"><PROPERTY NAME="Name" TYPE="string"><VALUE>VMware Virtual Platform</VALUE></PROPERTY></INSTANCE></CIM></RESULTS></COMMAND>[
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Memory protected: page read and write | page guard
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic CPU get ProcessorId
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumber
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get name
            Source: C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get UUID
            Source: C:\Windows\System32\wbem\WMIC.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 0000000A.00000002.1107491922.00000000D7403000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1046522557.00000000D747C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.1108130731.00000000D7479000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1045659100.00000000D7407000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: javaw.exe PID: 1952, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: javaw.exe PID: 1316, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match File source: 0000000A.00000002.1107491922.00000000D7403000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1046522557.00000000D747C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.1108130731.00000000D7479000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.1045659100.00000000D7407000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: javaw.exe PID: 1952, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: javaw.exe PID: 1316, type: MEMORYSTR
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
            Execution: Windows Management Instrumentation (121); Exploitation for Client Execution (2); At (Linux); At (Windows); Cron
            Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script
            Privilege Escalation: Process Injection (11); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script
            Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (3); Disable or Modify Tools (1); Process Injection (11); Obfuscated Files or Information (11)
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
            Discovery: Security Software Discovery (21); Virtualization/Sandbox Evasion (3); File and Directory Discovery (1); System Information Discovery (114); Remote System Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
            Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits
            Command and Control: Encrypted Channel (1); Ingress Tool Transfer (1); Steganography; Protocol Impersonation; Fallback Channels
            Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication
            Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
            Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings
            Behavior Graph (ID: 701320; Sample: 12-09-2022 S#U0130PAR#U0130...; Startdate: 12/09/2022; Architecture: WINDOWS; Score: 80)
            Sample signatures: Document contains OLE streams which likely are hidden ActiveX objects; Multi AV Scanner detection for submitted file; Yara detected AdWind RAT; Document exploit detected (process start blacklist hit)
            WINWORD.EXE: dropped C:\Users\user\AppData\Local\Temp\a0v2H8.jar (Zip); signature: Document exploit detected (creates forbidden files); started two javaw.exe processes
            javaw.exe: each of the two processes started four WMIC.exe processes
            WMIC.exe: signature: Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

            Source | Detection | Scanner | Label | Link
            12-09-2022 S#U0130PAR#U0130#U015e.docx.doc | 27% | ReversingLabs | ByteCode-JAVA.Downloader.BanLoad |
            12-09-2022 S#U0130PAR#U0130#U015e.docx.doc | 17% | Virustotal | | Browse
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            http://java.sun.com/xml/dom/properties/( | 0% | URL Reputation | safe |
            http://java.sun.com/xml/schema/features/ | 0% | URL Reputation | safe |
            http://java.sun.com/xml/dom/properties/ | 0% | URL Reputation | safe |
            http://javax.xml.XMLConstants/feature/secure-processing | 0% | URL Reputation | safe |
            http://javax.xml.XMLConstants/property/accessExternalSchema | 0% | URL Reputation | safe |
            http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace0 | 0% | URL Reputation | safe |
            http://java.sun.com/xml/stream/properties/report-cdata-event | 0% | URL Reputation | safe |
            http://bugreport.sun.com/bugreport/ | 0% | URL Reputation | safe |
            http://java.sun.com/dtd/properties.dtd | 0% | URL Reputation | safe |
            http://javax.xml.XMLConstants/property/accessExternalDTD; | 0% | URL Reputation | safe |
            http://java.sun.com/xml/dom/properties/ancestor-check | 0% | URL Reputation | safe |
            http://java.sun.com/xml/stream/properties/ | 0% | URL Reputation | safe |
            http://javax.xml.XMLConstants/property/accessExternalSchemas3p | 0% | Avira URL Cloud | safe |
            http://java.sun.com/xml/stream/properties/ignore-external-dtdV | 0% | Avira URL Cloud | safe |
            http://javax.xml.XMLConstants/property/accessExternalDTDs | 0% | Avira URL Cloud | safe |
            http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace; | 0% | Avira URL Cloud | safe |
            http://java.sun.com/dtd/properties.dtd3 | 0% | Avira URL Cloud | safe |
            No contacted domains info
                                                  high
                                                  http://apache.org/xml/properties/dom/document-class-name$javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    http://apache.org/xml/properties/internal/symbol-tableQjavaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      http://apache.org/xml/features/internal/parser-settingsjavaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://apache.org/xml/features/dom/include-ignorable-whitespacejavaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          http://apache.org/xml/properties/internal/document-scanner7javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            http://xml.org/sax/features/allow-dtd-events-after-endDTD=javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              http://apache.org/xml/features/create-cdata-nodesjavaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                http://java.sun.com/xml/dom/properties/javaw.exe, 00000003.00000002.1048181873.00000000D7576000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963573067.000000005900B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967436542.000000005901A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962440979.0000000058FFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960930096.0000000058FC6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://apache.org/xml/properties/internal/document-scannerkjavaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://javax.xml.XMLConstants/property/accessExternalDTDsjavaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://apache.org/xml/properties/internal/stax-entity-resolverjavaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://apache.org/xml/features/scanner/notify-char-refs3javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://apache.org/xml/features/3javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://apache.org/xml/features/xinclude/fixup-base-uris6javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://javax.xml.XMLConstants/feature/secure-processingjavaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          http://apache.org/xml/features/xinclude/fixup-base-urisjavaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://apache.org/xml/properties/internal/grammar-pool6javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocationjavaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://apache.org/xml/properties/internal/error-reporterjavaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://apache.org/xml/properties/internal/namespace-contextjavaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://apache.org/xml/features/warn-on-duplicate-entitydefjavaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://apache.org/xml/features/;javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://ipinfo.io/javaw.exe, 00000003.00000003.962713926.0000000059BA0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964855770.0000000059A6F000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962091806.0000000059B79000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1048874613.00000000D763A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.966236710.0000000059A76000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008117482.0000000059A95000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1046320748.00000000D745E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1046522557.00000000D747C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.966642599.0000000059A95000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.958316594.0000000059A6F000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.956399008.0000000059B48000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1009441017.0000000059731000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1115594736.00000000D7648000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1006410957.000000005984C000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1002287620.00000000596C2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1107668636.00000000D7424000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064752540.0000000059731000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://java.sun.com/dtd/properties.dtd3javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://apache.org/xml/features/scanner/notify-char-refsCjavaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://javax.xml.XMLConstants/property/accessExternalSchemajavaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace;javaw.exe, 00000003.00000002.1047788279.00000000D7534000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            http://xml.org/sax/properties/(javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://apache.org/xml/features/include-commentsjavaw.exe, 00000003.00000003.967137901.0000000058DE3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961343704.0000000058DB2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.963476262.0000000058DD5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1006841983.0000000058DEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.962280568.0000000058DCE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.965067072.0000000058DDC000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.989124167.00000000591DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1064044169.0000000059262000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://apache.org/xml/features/scanner/notify-char-refsjavaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1049410615.00000000D7693000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1116728587.00000000D76EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://apache.org/xml/features/internal/tolerate-duplicatesYjavaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://apache.org/xml/properties/dom/current-element-node9javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace0javaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://java.sun.com/xml/stream/properties/report-cdata-eventjavaw.exe, 00000003.00000002.1007607362.000000005912A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.961135410.0000000059112000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.967577855.000000005911F000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1018446449.00000000591B3000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1014550524.00000000591AB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.1008158290.0000000059149000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000003.991312019.00000000590C9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000A.00000002.1063932993.00000000591BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://apache.org/xml/features/nonvalidating/load-external-dtd:javaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://apache.org/xml/features/validation/schema/normalized-valueBjavaw.exe, 0000000A.00000003.987388038.0000000059ABA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                                                                                                http://apache.org/xml/features/validation/schema-full-checkingPjavaw.exe, 00000003.00000003.966664801.0000000059A11000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964657582.00000000599EA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.960812434.00000000599CA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.964787205.0000000059A0A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1008031716.0000000059A19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  No contacted IP infos
                                                                                                                                                                                  Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                                                                  Analysis ID:701320
                                                                                                                                                                                  Start date and time:2022-09-12 13:44:10 +02:00
                                                                                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                                                                                  Overall analysis duration:0h 7m 6s
                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                  Report type:light
                                                                                                                                                                                  Sample file name:12-09-2022 S#U0130PAR#U0130#U015e.docx.doc
                                                                                                                                                                                  Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                                                  Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                                                                                                                  Number of analysed new started processes analysed:21
                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                  Technologies:
                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                  • HDC enabled
                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                  Classification:mal80.troj.expl.evad.winDOC@21/13@0/0
                                                                                                                                                                                  EGA Information:Failed
                                                                                                                                                                                  HDC Information:Failed
                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                  • Number of executed functions: 0
                                                                                                                                                                                  • Number of non-executed functions: 0
                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                  • Found application associated with file extension: .doc
                                                                                                                                                                                  • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                                                  • Attach to Office via COM
                                                                                                                                                                                  • Active ActiveX Object
                                                                                                                                                                                  • Scroll down
                                                                                                                                                                                  • Close Viewer
                                                                                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
                                                                                                                                                                                  • Execution Graph export aborted for target javaw.exe, PID 1316 because it is empty
                                                                                                                                                                                  • Execution Graph export aborted for target javaw.exe, PID 1952 because it is empty
                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
13:45:42 | API Interceptor | 158x Sleep call for process: WMIC.exe modified
                                                                                                                                                                                  No context
                                                                                                                                                                                  Process:C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):51
                                                                                                                                                                                  Entropy (8bit):4.666852547556904
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:oFjQvN1SkQVy:oy1rAy
                                                                                                                                                                                  MD5:B346612A2A15D30EF8E4899093BD9C1D
                                                                                                                                                                                  SHA1:8ECA61C2A0C83684C036F5D22A002C129DF3AD2A
                                                                                                                                                                                  SHA-256:C24A7ABE525ABD5426D3782990E37ABBCF6F28AB41E64F3132A1162B8019488D
                                                                                                                                                                                  SHA-512:0ADEEEC8F52D912698DCA98D127381922959C5D02B706523C18C88C4E04668BB1A2601FC55CE427A13C29BF0BBFEAE6C07BB66E6A40FDE9C8420631CA7169E21
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:C:\Program Files\Java\jre1.8.0_121..1663015551990..
                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5464
                                                                                                                                                                                  Entropy (8bit):0.8660964834720057
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:YaFmecr6gSbfMqH18JM8XqVlwcb1KCu6Tj/4KCJfBoWLBzbmYXi6UgoemYJ:Ya0r6gSbfm/qVuCREkWLB+B6Ug4y
                                                                                                                                                                                  MD5:C2D8244DD18F565035212FC52D3F4E75
                                                                                                                                                                                  SHA1:8C85DDF7655242B178D77F7BEB81D2E3BEB9F35B
                                                                                                                                                                                  SHA-256:89CB85E37E9623CD2B091B539C6E1280AA39E21CF7B6B0A54F5FDA180A197B98
                                                                                                                                                                                  SHA-512:4EBA9EC61253B67231E854906AEA3DB0D37276ED9A7034661781612C5D69A41B8917ABEC40FACD9A2C6A4A3CD2220019A360B9AF6F01F52C118658C52D81324C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  File Type:PNG image data, 706 x 366, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):68893
                                                                                                                                                                                  Entropy (8bit):7.903401375792054
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:BsvJG1S1KOhGCAZmweGEjZv9mX+DZL8mI2dEN2vT4q+b:OvJM0AZUr1v9BZQOsq+b
                                                                                                                                                                                  MD5:94C3E4696F04CB7960042417CF39FE07
                                                                                                                                                                                  SHA1:EC45840F87B3AC5812F9CE765CD398AEEB2A659C
                                                                                                                                                                                  SHA-256:A1566D12B7BEE123511040635AE34D71E23AE1F73706347EB5926A61AB72BDB7
                                                                                                                                                                                  SHA-512:8FBDE178BA6DFD021B9E43CA6ADC205F6AB8939E6FE93807C20E9FA8D808DFED1E13D4EE485A3B13932452070FABA749E83EF7795A70F1A75B26081C86C399DA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  File Type:PNG image data, 1037 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8976
                                                                                                                                                                                  Entropy (8bit):7.80633939156706
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:r/UrdFouQWn/Mjnh2LqFNB7pf/VVC8dOx9MRMbQMAIimhM6we4RxCofEq:jUrQuQJELc1VI8sx6MbQMAIVGRxdcq
                                                                                                                                                                                  MD5:25902859A8786C02C68F6AA66C151C7C
                                                                                                                                                                                  SHA1:8829DDF4BC5CB5AB8A4C510CAD67B27FE3EE2BE9
                                                                                                                                                                                  SHA-256:67BA24DD3354C3E058B032FBAF799D9F0D11FD35FA9B80A9DEDAA3ABFFE32893
                                                                                                                                                                                  SHA-512:895801C640F737FF5F1DB6A14A91AC2B91A3CC2CA5070C9B97D2F3C4EE2097E2ADCA219496E8EE120CCEA58B88BE435FA256AA1D699D7D413A3F1C5ACE2A1F7E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):337464
                                                                                                                                                                                  Entropy (8bit):7.97260257732735
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:PHtmJnbEwVak+5BoY6/KcWbokztmJnbEwVak+5BoY6/KcWbon:/MJnbEwYkUoYRpMSMJnbEwYkUoYRpMn
                                                                                                                                                                                  MD5:799293EED30AE65B8A03E2BF2C14EFB2
                                                                                                                                                                                  SHA1:643FA005DC68F0345A6E1EDD37D0745C0855A3CC
                                                                                                                                                                                  SHA-256:D0CE7CA37043D297A7D9082FAD159D71E1E3732B38D41C3CBD9CA9C855AB93EE
                                                                                                                                                                                  SHA-512:8A13024D23F3D0F10061956AC08D2E8D8EF4C254EB89825BE7417039844903FA46AB79F40006A48F83DEDE3D81B9951750BA6F01E70663C24F09C832D35A17A8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1536
                                                                                                                                                                                  Entropy (8bit):0.8299261240595344
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:vlFg7NNKElClDK/lFlpY/4wltfvauldl5l/Hbl5l/cE///TzNM/wPxZlhWu/m7NH:vlapUElClDK/KFlgELW/wPxZSudxZSuq
                                                                                                                                                                                  MD5:82C21E9F7253A902ACA51C429967E6B0
                                                                                                                                                                                  SHA1:9FA5A85CAA74390218B1C00A5361C91F82EAFD06
                                                                                                                                                                                  SHA-256:0DC9AC96F8D916E28E48EDD9826229319C2CEA698101748FA4263C9C35E710D5
                                                                                                                                                                                  SHA-512:20A6973CB188AA313DB8D9A0D54CF2FCB1F47375F72761E6753F88772F35C212C49CBB65ACF89FB74848237A3C3176D21D68DF5A391E4A8C2CF30DE7BA9CEC1D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:../.......E.M.B.E.D. .P.a.c.k.a.g.e..... . .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1024
                                                                                                                                                                                  Entropy (8bit):0.05390218305374581
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:ol3lYdn:4Wn
                                                                                                                                                                                  MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                                                                                                  SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                                                                                                  SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                                                                                                  SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):164473
                                                                                                                                                                                  Entropy (8bit):7.998227410119545
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:3072:nHtZMJGepfzX0wzh3ai4MhIcm3o9wpqmkAiye3Y6/tocHRXiIsWckuHvDdbFjW0V:nHtmJnbEwVak+5BoY6/KcWbog
                                                                                                                                                                                  MD5:5FCE04720A34D47CE0D474F4571AE901
                                                                                                                                                                                  SHA1:66F0FF1759880EE5AFC62968A4D135743A4B6888
                                                                                                                                                                                  SHA-256:8CB74BD01205DF1E777CC8C1A343AA65287909CD72AA7B8388F4C32024DCE624
                                                                                                                                                                                  SHA-512:6F0E3D750EFEB829E9CA00180AC0EF64B39A86A2B6BC6B087E917D65E89248EAB4CDB91EB2E81EF1144E799CB7186A26E947CB89044D3AD80A9606C600075EF7
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Preview:PK.........+U....~...........META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...,x..s...u..K2.........].J.v.=.xc.C.$.K......T..........y..\...y.`#..|.|.r.3..<y.x..PK.........+U;EC..@...r......uBT1nphWVB.class.}.\TG.xu..f.`f.A..o....O./...Q..AE...hN../.4*.x!..>.(*.dc..$........$..9.w.{o.....}.~B........|...2..G. 0......pnlL....}^....isz..&,^......!.A..iu..~#..-J.2....FK.8....7m..p.....3.g.&......97=i..9g^..1..,O.F..\....{t..Q..Y.%..Q#.ED..*..a.....6.U......1...........C-KI.=2%59"m.L.89a.k..`..>..eN.....F>.,u..>....5*)iJtf.8..0p..y..#........'n..~..Cr...Q.1..H.n1...l#..J^....&.C..'A.t.3.).......%.Hl.`...'..S.ehOk.......t....F..zf"...gb.%}.RF!.X.b_E.K.7..[.......{e.*...l.9Pr....ug..A.tY....d.E.k#..O.GgsP...d.>.`.....6...w.S.{.....y.......+[YYx.wy.wY.@ ..W.{...uk....We..+[WYx.f.........5.V.^....{k..Te..+[UYx.f.....>]...xIkn..=w{..[k.VWe].W....b.....>Y....y.=...oo<.{..._YXT.e.....u.....Yz{cA.....UYe..r*..k.l.9p...K..(..kn...k..-..z
                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):26
                                                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:gAWY3n:qY3n
                                                                                                                                                                                  MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                                                                                                                                  SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                                                                                                                                  SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                                                                                                                                  SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:[ZoneTransfer]..ZoneId=3..
                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:52 2022, mtime=Tue Mar 8 15:45:52 2022, atime=Mon Sep 12 19:45:10 2022, length=258604, window=hide
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1154
                                                                                                                                                                                  Entropy (8bit):4.508288966876625
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:8GJ/XThOxqu/xfblueQ8DdNAlZDv3qIu7D:8GJ/XT4xjxfbQ18AyI0D
                                                                                                                                                                                  MD5:03CDF502971DEBC9402065E8991080CB
                                                                                                                                                                                  SHA1:A43BC44AA0394871BDDAAF05EE16119775EAE103
                                                                                                                                                                                  SHA-256:AD1C2338FE7FCF5BEC6158C701A16F5EEBAB8A0EC754EB1A96D7014366C8A5D6
                                                                                                                                                                                  SHA-512:FDB1316DCD2339EAD41163923DE0617109EA1F5D9C717FDB1D562D254E2BC1863F82169A43FD5ECB21C2608D75CBAD28B4F54B7F3A447D241702A377D9F77150
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:L..................F.... ...z.V..3..z.V..3..x.......,............................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1.....hT....user.8......QK.XhT..*...&=....U...............A.l.b.u.s.....z.1.....hT....Desktop.d......QK.XhT..*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2.,...,U.. .12-09-~1.DOC.........hT..hT..*...r.....'...............1.2.-.0.9.-.2.0.2.2. .S.#.U.0.1.3.0.P.A.R.#.U.0.1.3.0.#.U.0.1.5.e...d.o.c.x...d.o.c.......................-...8...[............?J......C:\Users\..#...................\\936905\Users.user\Desktop\12-09-2022 S#U0130PAR#U0130#U015e.docx.doc.A.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.1.2.-.0.9.-.2.0.2.2. .S.#.U.0.1.3.0.P.A.R.#.U.0.1.3.0.#.U.0.1.5.e...d.o.c.x...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.
                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):127
                                                                                                                                                                                  Entropy (8bit):4.825539665366856
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:bDuMJltcuHQ+S19gUPLFSmX1UXBuHQ+S19gUPLFSv:bCYc6sRzFGXB6sRzFc
                                                                                                                                                                                  MD5:CD2C2025F8A0A79B19C38C6E5471BF29
                                                                                                                                                                                  SHA1:14CBE217A0F3E0328FA0C8832123C09FCB715CBB
                                                                                                                                                                                  SHA-256:8B250686B3B3AAD7A382D06FCA7D7F3C3BD334D5A24A1C2B9D7A0F1ADFAC1A62
                                                                                                                                                                                  SHA-512:D113D6ADED11C44F2DB0EC7CF374F7BB51316C2D4AE7FF4F023BAE1EA79F1F6ECA2586F6834EA08B066C4C22DEA6F5DF52A80AAB4502A45820C222F628CD8D76
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:[folders]..Templates.LNK=0..12-09-2022 S#U0130PAR#U0130#U015e.docx.LNK=0..[doc]..12-09-2022 S#U0130PAR#U0130#U015e.docx.LNK=0..
                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):162
                                                                                                                                                                                  Entropy (8bit):2.503835550707525
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:vrJlaCkWtVyaJybdJylp2bG/WWNJbilFGUld/ln:vdsCkWtz8Oz2q/rViXdH/l
                                                                                                                                                                                  MD5:7CFA404FD881AF8DF49EA584FE153C61
                                                                                                                                                                                  SHA1:32D9BF92626B77999E5E44780BF24130F3D23D66
                                                                                                                                                                                  SHA-256:248DB6BD8C5CD3542A5C0AE228D3ACD6D8A7FA0C0C62ABC3E178E57267F6CCD7
                                                                                                                                                                                  SHA-512:F7CEC1177D4FF3F84F6F2A2A702E96713322AA56C628B49F728CD608E880255DA3EF412DE15BB58DF66D65560C03E68BA2A0DD6FDFA533BC9E428B0637562AEA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.user..................................................A.l.b.u.s.............p........1h..............2h.............@3h..............3h.....z.......p4h.....x...
                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):162
                                                                                                                                                                                  Entropy (8bit):2.503835550707525
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:vrJlaCkWtVyaJybdJylp2bG/WWNJbilFGUld/ln:vdsCkWtz8Oz2q/rViXdH/l
                                                                                                                                                                                  MD5:7CFA404FD881AF8DF49EA584FE153C61
                                                                                                                                                                                  SHA1:32D9BF92626B77999E5E44780BF24130F3D23D66
                                                                                                                                                                                  SHA-256:248DB6BD8C5CD3542A5C0AE228D3ACD6D8A7FA0C0C62ABC3E178E57267F6CCD7
                                                                                                                                                                                  SHA-512:F7CEC1177D4FF3F84F6F2A2A702E96713322AA56C628B49F728CD608E880255DA3EF412DE15BB58DF66D65560C03E68BA2A0DD6FDFA533BC9E428B0637562AEA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.user..................................................A.l.b.u.s.............p........1h..............2h.............@3h..............3h.....z.......p4h.....x...
                                                                                                                                                                                  File type:Microsoft Word 2007+
                                                                                                                                                                                  Entropy (8bit):7.97914499665771
                                                                                                                                                                                  TrID:
                                                                                                                                                                                  • Word Microsoft Office Open XML Format document (49504/1) 49.01%
                                                                                                                                                                                  • Word Microsoft Office Open XML Format document (43504/1) 43.07%
                                                                                                                                                                                  • ZIP compressed archive (8000/1) 7.92%
                                                                                                                                                                                  File name:12-09-2022 S#U0130PAR#U0130#U015e.docx.doc
                                                                                                                                                                                  File size:258604
                                                                                                                                                                                  MD5:7e8133cf5f56adcfafb9bc91390c9fe7
                                                                                                                                                                                  SHA1:2cc6471245901e51565ad69df6b8586629965cf1
                                                                                                                                                                                  SHA256:7859fd95c60a0d76fa99eb42277501b20f76a377c1395b504acff5dd22533027
                                                                                                                                                                                  SHA512:943c44eb826863181891fa7f3eaba59546656c10aad65815f9a21d0ac277d21ec3715f71b1359b962c2057ee234f16be2edc0629e6a5889ff1abd4d2fd1f6d67
                                                                                                                                                                                  SSDEEP:6144:CsjU1vruW+UztmXtb2wDayQ7B4Y6/EcKbiCW:tjaumMXtb2w+yM4YhVWCW
                                                                                                                                                                                  TLSH:09442358C8204D84D8654636A8A9B9F392EF9020B322C11B7F5CC6EDDF6272E47AE513
                                                                                                                                                                                  File Content Preview:PK..........!.........T.......[Content_Types].xml ...(.........................................................................................................................................................................................................
                                                                                                                                                                                  Icon Hash:e4eea2aaa4b4b4a4
                                                                                                                                                                                  Document Type:OpenXML
                                                                                                                                                                                  Number of OLE Files:1
                                                                                                                                                                                  Has Summary Info:
                                                                                                                                                                                  Application Name:
                                                                                                                                                                                  Encrypted Document:False
                                                                                                                                                                                  Contains Word Document Stream:True
                                                                                                                                                                                  Contains Workbook/Book Stream:False
                                                                                                                                                                                  Contains PowerPoint Document Stream:False
                                                                                                                                                                                  Contains Visio Document Stream:False
                                                                                                                                                                                  Contains ObjectPool Stream:False
                                                                                                                                                                                  Flash Objects Count:0
                                                                                                                                                                                  Contains VBA Macros:False
                                                                                                                                                                                  Author:
                                                                                                                                                                                  Template:
                                                                                                                                                                                  Last Saved By:
                                                                                                                                                                                  Revision Number:1
                                                                                                                                                                                  Total Edit Time:1
                                                                                                                                                                                  Create Time:2022-09-11T20:26:00Z
                                                                                                                                                                                  Last Saved Time:2022-09-11T20:27:00Z
                                                                                                                                                                                  Number of Pages:1
                                                                                                                                                                                  Number of Words:3
                                                                                                                                                                                  Number of Characters:21
                                                                                                                                                                                  Creating Application:
                                                                                                                                                                                  Security:0
                                                                                                                                                                                  Number of Lines:1
                                                                                                                                                                                  Number of Paragraphs:1
                                                                                                                                                                                  Thumbnail Scaling Desired:false
                                                                                                                                                                                  Company:
                                                                                                                                                                                  Contains Dirty Links:false
                                                                                                                                                                                  Shared Document:false
                                                                                                                                                                                  Changed Hyperlinks:false
                                                                                                                                                                                  Application Version:14.0000
                                                                                                                                                                                  General
                                                                                                                                                                                  Stream Path:\x1CompObj
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Stream Size:72
                                                                                                                                                                                  Entropy:3.8231129765226823
                                                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                                                  Data ASCII:. . . . . . . / . { . . . Z @ . . . . P a c k a g e . . . . . . . . . P a c k a g e . 9 q . . . . . . . . . . . .
                                                                                                                                                                                  Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 a7 0d f2 2f c0 ce 11 92 7b 08 00 09 5a e3 40 08 00 00 00 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                  General
                                                                                                                                                                                  Stream Path:\x1Ole
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Stream Size:20
                                                                                                                                                                                  Entropy:0.8475846798245739
                                                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                                  Data Raw:01 00 00 02 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                  General
                                                                                                                                                                                  Stream Path:\x1Ole10Native
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Stream Size:165046
                                                                                                                                                                                  Entropy:7.9974019330364134
                                                                                                                                                                                  Base64 Encoded:True
                                                                                                                                                                                  Data ASCII:. . . . a 0 v 2 H 8 . j a r . C : \\ U s e r s \\ M I C R O S O F T \\ A p p D a t a \\ L o c a l \\ M i c r o s o f t \\ W i n d o w s \\ I N e t C a c h e \\ C o n t e n t . W o r d \\ a 0 v 2 H 8 . j a r . . . . . W . . . C : \\ U s e r s \\ M I C R O S ~ 1 \\ A p p D a t a \\ L o c a l \\ T e m p \\ { 6 1 6 8 B 7 1 6 - 2 6 0 4 - 4 F 6 B - B 0 F 1 - C C A D 4 0 6 6 7 2 3 F } \\ a 0 v 2 H 8 . j a r . y . . P K . . . . . . . . . + U ~ . . . . . . . . . . M E T A - I N F / M A N I F E S T . M F M L K - . . K - * . R 0 3 r
                                                                                                                                                                                  Data Raw:b2 84 02 00 02 00 61 30 76 32 48 38 2e 6a 61 72 00 43 3a 5c 55 73 65 72 73 5c 4d 49 43 52 4f 53 4f 46 54 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 69 63 72 6f 73 6f 66 74 5c 57 69 6e 64 6f 77 73 5c 49 4e 65 74 43 61 63 68 65 5c 43 6f 6e 74 65 6e 74 2e 57 6f 72 64 5c 61 30 76 32 48 38 2e 6a 61 72 00 00 00 03 00 57 00 00 00 43 3a 5c 55 73 65 72 73 5c 4d 49 43 52 4f 53 7e 31 5c
                                                                                                                                                                                  General
                                                                                                                                                                                  Stream Path:\x3ObjInfo
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Stream Size:6
                                                                                                                                                                                  Entropy:1.7924812503605778
                                                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                                                  Data ASCII:@ . . . . .
                                                                                                                                                                                  Data Raw:40 00 03 00 01 00
                                                                                                                                                                                  No network behavior found


                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                  Start time:13:45:10
                                                                                                                                                                                  Start date:12/09/2022
                                                                                                                                                                                  Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                                                                                                                                                                  Imagebase:0x13fcc0000
                                                                                                                                                                                  File size:1423704 bytes
                                                                                                                                                                                  MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                  Start time:13:45:36
                                                                                                                                                                                  Start date:12/09/2022
                                                                                                                                                                                  Path:C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\a0v2H8.jar"
                                                                                                                                                                                  Imagebase:0x13f680000
                                                                                                                                                                                  File size:206912 bytes
                                                                                                                                                                                  MD5 hash:7F0467C3AA5BDAF44BBC824AC81359D0
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:Java
                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                  • Rule: JoeSecurity_AdWind_2, Description: Yara detected AdWind RAT, Source: 00000003.00000002.1046522557.00000000D747C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_AdWind_2, Description: Yara detected AdWind RAT, Source: 00000003.00000002.1045659100.00000000D7407000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                  Reputation:moderate

                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                  Start time:13:45:40
                                                                                                                                                                                  Start date:12/09/2022
                                                                                                                                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:wmic CPU get ProcessorId
                                                                                                                                                                                  Imagebase:0xff5a0000
                                                                                                                                                                                  File size:566272 bytes
                                                                                                                                                                                  MD5 hash:FD902835DEAEF4091799287736F3A028
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                  Start time:13:45:46
                                                                                                                                                                                  Start date:12/09/2022
                                                                                                                                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:wmic bios get serialnumber
                                                                                                                                                                                  Imagebase:0xff4f0000
                                                                                                                                                                                  File size:566272 bytes
                                                                                                                                                                                  MD5 hash:FD902835DEAEF4091799287736F3A028
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                  Start time:13:45:49
                                                                                                                                                                                  Start date:12/09/2022
                                                                                                                                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:wmic csproduct get name
                                                                                                                                                                                  Imagebase:0xff970000
                                                                                                                                                                                  File size:566272 bytes
                                                                                                                                                                                  MD5 hash:FD902835DEAEF4091799287736F3A028
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                  Start time:13:45:50
Start date:12/09/2022
Path:C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\a0v2H8.jar"
Imagebase:0x13f680000
File size:206912 bytes
MD5 hash:7F0467C3AA5BDAF44BBC824AC81359D0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AdWind_2, Description: Yara detected AdWind RAT, Source: 0000000A.00000002.1107491922.00000000D7403000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AdWind_2, Description: Yara detected AdWind RAT, Source: 0000000A.00000002.1108130731.00000000D7479000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:moderate

Target ID:11
Start time:13:45:52
Start date:12/09/2022
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic csproduct get UUID
Imagebase:0xff4a0000
File size:566272 bytes
MD5 hash:FD902835DEAEF4091799287736F3A028
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

Target ID:13
Start time:13:45:56
Start date:12/09/2022
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic CPU get ProcessorId
Imagebase:0xff920000
File size:566272 bytes
MD5 hash:FD902835DEAEF4091799287736F3A028
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

Target ID:15
Start time:13:46:08
Start date:12/09/2022
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic bios get serialnumber
Imagebase:0xff3b0000
File size:566272 bytes
MD5 hash:FD902835DEAEF4091799287736F3A028
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

Target ID:17
Start time:13:46:13
Start date:12/09/2022
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic csproduct get name
Imagebase:0xff880000
File size:566272 bytes
MD5 hash:FD902835DEAEF4091799287736F3A028
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

Target ID:19
Start time:13:46:17
Start date:12/09/2022
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic csproduct get UUID
Imagebase:0xffd70000
File size:566272 bytes
MD5 hash:FD902835DEAEF4091799287736F3A028
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language

No disassembly