Windows Analysis Report
12-09-2022 S#U0130PAR#U0130#U015e.docx.doc

Overview

General Information

Sample Name: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc
Analysis ID: 701320
MD5: 7e8133cf5f56adcfafb9bc91390c9fe7
SHA1: 2cc6471245901e51565ad69df6b8586629965cf1
SHA256: 7859fd95c60a0d76fa99eb42277501b20f76a377c1395b504acff5dd22533027
Tags: doc
Infos:

Detection

AdWind
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (creates forbidden files)
Multi AV Scanner detection for submitted file
Yara detected AdWind RAT
Document contains OLE streams which likely are hidden ActiveX objects
Document exploit detected (process start blacklist hit)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Contains functionality to detect virtual machines (SLDT)
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc ReversingLabs: Detection: 26%
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Virustotal: Detection: 17% Perma Link
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File opened: C:\Windows\SysWOW64\MSVCR100.dll Jump to behavior

Software Vulnerabilities
barindex
Document exploit detected (creates forbidden files)
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\a0v2H8.jar Jump to behavior
Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe
Source: javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/3
Source: javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/allow-java-encodings
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error=
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/create-cdata-nodes
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/create-cdata-nodes:
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/create-cdata-nodesC
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/disallow-doctype-decl
Source: javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/disallow-doctype-declxcep
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodes
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodes?
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodesc
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansion
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansion9
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansions
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace/
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations9
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations#j
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations1
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/include-comments
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/include-comments0
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/parser-settings
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/parser-settings7
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicates
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicatesO
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicatesc
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only/
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-onlys
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/namespace-growth
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd3
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd:
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtdkZ
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/s
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refsK
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs3
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refsC
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/standard-uri-conformant
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/standard-uri-conformantut2
Source: javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/standard-uri-conformantxe2
Source: javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validate-annotations
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validate-annotations3
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validate-annotationsKD
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320030158.0000000015939000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320240879.000000001593B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342933460.0000000015952000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees
Source: javaw.exe, 0000000D.00000003.320030158.0000000015939000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320240879.000000001593B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342933460.0000000015952000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees1
Source: javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees_S1
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320030158.0000000015939000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320240879.000000001593B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342933460.0000000015952000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/dynamic
Source: javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/dynamic_CHAR_R
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking=
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checkingS
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checkingk
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/element-default
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/element-defaultA
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-valueB
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schemaSu
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef3(
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdefkb
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef3
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef:
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdefKV(
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris6
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-urisS
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language;
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude1
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/current-element-node
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/current-element-node9
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/current-element-nodem
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/document-class-name
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/document-class-name$
Source: javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/input-buffer-size
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/input-buffer-sizeNamedI
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/input-buffer-sizec
Source: javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/input-buffer-sizexerces
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factoryC.
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factoryKh(
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factoryh
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner#
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner7
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner=
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor5
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner8
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scannerc
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager8
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver:
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/error-handler
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/error-handler6
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/error-reporter:
Source: javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool6
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool9
Source: javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder39
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/namespace-binderks
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/namespace-context#
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/namespace-context:
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
Source: javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolvernt=
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolverro=
Source: javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/symbol-table#
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/symbol-table;X(
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/symbol-tableQ
Source: javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory7
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory;
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd:
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/validator/schema
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler=
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/locale
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/localeJ
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/localehJ
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation?
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocationS
Source: javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation#l
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation(
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/security-manager
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/security-manager#W
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/security-manager8
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/security-managerk
Source: javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes
Source: javaw.exe, 0000000D.00000002.342562072.00000000158A0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320466091.00000000158A1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320663164.00000000158B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes-
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: javaw.exe, 0000000D.00000002.340218954.0000000009957000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394021383.000000000A356000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: javaw.exe, 0000000D.00000003.320223692.00000000159F2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.319967289.00000000159ED000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.318356501.000000001596B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339138479.00000000045DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.340622834.0000000009A9C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342990987.0000000015972000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339167926.00000000045FC000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.395111727.000000000A4A4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.391683809.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.391742678.0000000004FFC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ipinfo.io/
Source: javaw.exe, 0000001D.00000002.407534942.0000000015A30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ipinfo.io/aintHea
Source: javaw.exe, 0000000D.00000003.320223692.00000000159F2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.319967289.00000000159ED000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.318356501.000000001596B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339138479.00000000045DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.340622834.0000000009A9C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342990987.0000000015972000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339167926.00000000045FC000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.395111727.000000000A4A4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.391683809.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.391742678.0000000004FFC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ipinfo.io/ip
Source: javaw.exe, 0000001D.00000002.407534942.0000000015A30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ipinfo.io/ipnt;
Source: javaw.exe, 0000000D.00000002.340231812.000000000995F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394053423.000000000A35D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.oracle.com/
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392140815.00000000050C7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/dtd/properties.dtd
Source: javaw.exe, 0000001D.00000002.392184518.00000000050DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/dtd/properties.dtd#
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/dtd/properties.dtdS
Source: javaw.exe, 0000000D.00000002.339418652.00000000046DE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/dtd/properties.dtdc
Source: javaw.exe, 0000000D.00000002.339465052.00000000046EF000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342562072.00000000158A0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320466091.00000000158A1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320663164.00000000158B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392231726.00000000050F0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/dom/properties/
Source: javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/dom/properties/(
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339418652.00000000046DE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392184518.00000000050DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-check
Source: javaw.exe, 0000000D.00000002.342562072.00000000158A0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320466091.00000000158A1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320663164.00000000158B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-checkour
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage4
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguageCI
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource7
Source: javaw.exe, 0000000D.00000002.339465052.00000000046EF000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342562072.00000000158A0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320466091.00000000158A1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320663164.00000000158B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392231726.00000000050F0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespaceo
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342562072.00000000158A0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320466091.00000000158A1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320663164.00000000158B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392231726.00000000050F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/
Source: javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/6
Source: javaw.exe, 0000000D.00000002.339465052.00000000046EF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/S
Source: javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtdifi
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtdkin
Source: javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
Source: javaw.exe, 0000000D.00000002.342562072.00000000158A0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320466091.00000000158A1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320663164.00000000158B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state/
Source: javaw.exe, 0000001D.00000002.392231726.00000000050F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state;
Source: javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
Source: javaw.exe, 0000000D.00000003.320030158.0000000015939000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320240879.000000001593B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342933460.0000000015952000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-eventl/xn
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
Source: javaw.exe, 0000000D.00000002.339465052.00000000046EF000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342562072.00000000158A0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320466091.00000000158A1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320663164.00000000158B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392231726.00000000050F0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/
Source: javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/3
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD;
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema;
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemaD
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemak
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: javaw.exe, 0000000D.00000002.340622834.0000000009A9C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339167926.00000000045FC000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.395111727.000000000A4A4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.391812098.000000000501E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: javaw.exe, 0000000D.00000002.339465052.00000000046EF000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342562072.00000000158A0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320466091.00000000158A1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320663164.00000000158B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392231726.00000000050F0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
Source: javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342562072.00000000158A0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320466091.00000000158A1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320663164.00000000158B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
Source: javaw.exe, 0000000D.00000002.339465052.00000000046EF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/S
Source: javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
Source: javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimitn/
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimitse
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit9
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit;
Source: javaw.exe, 0000000D.00000002.339465052.00000000046EF000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392231726.00000000050F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfoT
Source: javaw.exe, 0000001D.00000002.392231726.00000000050F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/k
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepthS
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepthk
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
Source: javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimitWE
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimits
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
Source: javaw.exe, 0000000D.00000003.320744023.0000000000D14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338103470.0000000000D21000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
Source: javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManagerc
Source: javaw.exe, 0000000D.00000002.340435134.00000000099FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342562072.00000000158A0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320466091.00000000158A1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320663164.00000000158B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392231726.00000000050F0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/
Source: javaw.exe, 0000000D.00000002.339465052.00000000046EF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/S
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD#Y
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTDh
Source: javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTDk
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTDw=
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entities7
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entitiesc
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-parameter-entitiesC)
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.394548246.000000000A3F3000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespace-prefixes(
Source: javaw.exe, 0000001D.00000002.399242595.0000000015340000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespace-prefixes/s(
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespace-prefixesc
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespaces
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespaces&
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespacessZ
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/use-entity-resolver2
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/use-entity-resolver2S
Source: javaw.exe, 0000000D.00000003.320693354.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.338079307.0000000000D07000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.402461340.0000000015414000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/validation
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/validations
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/
Source: javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/(
Source: javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/3
Source: javaw.exe, 0000000D.00000002.339989862.000000000489E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320291966.00000000158DD000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.339346371.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.320060542.00000000158D6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.342740838.00000000158E9000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.393476612.00000000052A2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.392078517.00000000050B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000002.400679296.00000000153CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/xml-string
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.aadrm.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.aadrm.com/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.addins.store.office.com/app/query
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.cortana.ai
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.diagnostics.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.diagnosticssdf.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.microsoftstream.com/api/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.office.net
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.onedrive.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://api.scheduler.
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://apis.live.net/v5.0/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://augloop.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://augloop.office.com/v2
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://autodiscover-s.outlook.com/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://cdn.entity.
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://clients.config.office.net/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://config.edge.skype.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://cortana.ai
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://cortana.ai/api
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://cr.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://dataservice.o365filtering.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://dataservice.o365filtering.com/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://dev.cortana.ai
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://devnull.onenote.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://directory.services.
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://enrichment.osi.office.net/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://entitlement.diagnostics.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://graph.ppe.windows.net
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://graph.ppe.windows.net/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://graph.windows.net
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://graph.windows.net/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://incidents.diagnostics.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://invites.office.com/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://lifecycle.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://login.microsoftonline.com/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://login.windows.local
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://management.azure.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://management.azure.com/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://messaging.action.office.com/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://messaging.engagement.office.com/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://messaging.lifecycle.office.com/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://messaging.office.com/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://ncus.contentsync.
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://ncus.pagecontentsync.
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://officeapps.live.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://onedrive.live.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://onedrive.live.com/embed?
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://osi.office.net
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://otelrules.azureedge.net
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://outlook.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://outlook.office.com/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://outlook.office365.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://outlook.office365.com/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://pages.store.office.com/review/query
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://powerlift.acompli.net
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://roaming.edog.
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://settings.outlook.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://shell.suite.office.com:1443
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://skyapi.live.net/Activity/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://staging.cortana.ai
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://store.office.cn/addinstemplate
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://store.office.de/addinstemplate
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://tasks.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://web.microsoftstream.com/video/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://webshell.suite.office.com
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://wus2.contentsync.
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://wus2.pagecontentsync.
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: C084E00E-2C37-4DA2-8B52-BBC9C24B7D11.0.dr String found in binary or memory: https://www.odwebp.svc.ms

System Summary
barindex
Document contains OLE streams which likely are hidden ActiveX objects
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Stream path '\x1Ole10Native' : ....a0v2H8.jar.C:\Users\MICROSOFT\AppData\Local\Mi
Detected potential crypto function
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 13_3_15912789 13_3_15912789
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 13_3_15913417 13_3_15913417
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 13_3_15912771 13_3_15912771
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 13_3_15906079 13_3_15906079
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc ReversingLabs: Detection: 26%
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Virustotal: Detection: 17%
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA Jump to behavior
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\a0v2H8.jar"
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic CPU get ProcessorId
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic bios get serialnumber
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get name
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get UUID
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ver
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\a0v2H8.jar"
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic CPU get ProcessorId
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic bios get serialnumber
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get name
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get UUID
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ver
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288 Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\a0v2H8.jar" Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\a0v2H8.jar" Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic CPU get ProcessorId Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic bios get serialnumber Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get name Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get UUID Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ver Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic CPU get ProcessorId Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic bios get serialnumber Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get name Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get UUID Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ver Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32 Jump to behavior
Source: 12-09-2022 S.LNK.0.dr LNK file: ..\..\..\..\..\Desktop\12-09-2022 S#U0130PAR#U0130#U015e.docx.doc
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6328:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6188:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6592:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6412:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6108:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6124:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6172:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6388:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6476:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6536:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:968:120:WilError_01
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc OLE indicator, Word Document stream: true
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM WIN32_PROCESSOR
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM WIN32_PROCESSOR
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\{5CC3E825-F709-4DD0-BB2B-0593311557CB} - OProcSessId.dat Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Section loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dll Jump to behavior
Source: classification engine Classification label: mal80.troj.expl.evad.winDOC@40/10@0/0
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc OLE document summary: title field not present or empty
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File read: C:\Users\desktop.ini Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Initial sample: OLE zip file path = word/media/image3.emf
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File opened: C:\Windows\SysWOW64\MSVCR100.dll Jump to behavior
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Initial sample: OLE indicators vbamacros = False
Uses code obfuscation techniques (call, push, ret)
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 13_3_1596F00A push B01596F0h; ret 13_3_1596F019
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 13_3_159748D4 push 5C939D70h; retf 13_3_15974945
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 13_3_15974947 push 5C939D70h; retf 13_3_15974945
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 13_3_159743E0 push 0000006Ah; iretd 13_3_15974486
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 13_3_1590B7E4 push eax; iretd 13_3_1590B7E5
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 13_3_1590CF2F push eax; iretd 13_3_1590CF45
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02DAD877 push 00000000h; mov dword ptr [esp], esp 29_2_02DAD8A1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02DAB377 push 00000000h; mov dword ptr [esp], esp 29_2_02DAB39D
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02DABB27 push 00000000h; mov dword ptr [esp], esp 29_2_02DABB4D
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02DAD860 push 00000000h; mov dword ptr [esp], esp 29_2_02DAD8A1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02DAA1DB push ecx; ret 29_2_02DAA1E5
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02DAA1CA push ecx; ret 29_2_02DAA1DA
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02DAB907 push 00000000h; mov dword ptr [esp], esp 29_2_02DAB92D
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02DAC437 push 00000000h; mov dword ptr [esp], esp 29_2_02DAC45D
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02DB2D44 push eax; retf 29_2_02DB2D45
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02E4F634 push eax; retf 0002h 29_2_02E4F678
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02E4E0DD push ebx; retf 29_2_02E4E17A
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02E4E0D8 push ebx; retf 29_2_02E4E17A
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02E4A44E push 00090081h; retn 0005h 29_2_02E4A46D
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02E4E17B push cs; retf 29_2_02E4E1F1
Uses cacls to modify the permissions of files
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: 12-09-2022 S#U0130PAR#U0130#U015e.docx.doc Stream path '\x1Ole10Native' entropy: 7.99740193304 (max. 8.0)

Malware Analysis System Evasion
barindex
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BIOS
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BIOS
Contains functionality to detect virtual machines (SLDT)
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 13_3_15912360 sldt word ptr [eax] 13_3_15912360
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM WIN32_PROCESSOR
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM WIN32_PROCESSOR
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000 Jump to behavior
Source: javaw.exe, 0000001D.00000003.351377071.00000000152FE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: javaw.exe, 0000001D.00000003.351377071.00000000152FE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: javaw.exe, 0000001D.00000002.389760370.0000000002C10000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ,java/lang/VirtualMachineError
Source: javaw.exe, 0000001D.00000002.389760370.0000000002C10000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: |[Ljava/lang/VirtualMachineError;
Source: javaw.exe, 0000001D.00000003.351377071.00000000152FE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: javaw.exe, 0000000D.00000003.304711642.0000000014F14000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001D.00000003.351377071.00000000152FE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: java/lang/VirtualMachineError.classPK
Source: javaw.exe, 0000000D.00000002.337796781.0000000000C60000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2[Ljava/lang/VirtualMachineError;
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Memory protected: page read and write | page guard Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic CPU get ProcessorId Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic bios get serialnumber Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get name Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get UUID Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ver Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic CPU get ProcessorId Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic bios get serialnumber Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get name Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic csproduct get UUID Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ver Jump to behavior
Contains functionality to query CPU information (cpuid)
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe Code function: 29_2_02DA0380 cpuid 29_2_02DA0380

Stealing of Sensitive Information
barindex
Yara detected AdWind RAT
Source: Yara match File source: 0000001D.00000002.391533154.0000000004F88000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.339042980.000000000458C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: javaw.exe PID: 4196, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: javaw.exe PID: 6860, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected AdWind RAT
Source: Yara match File source: 0000001D.00000002.391533154.0000000004F88000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.339042980.000000000458C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: javaw.exe PID: 4196, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: javaw.exe PID: 6860, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 701320 Sample: 12-09-2022 S#U0130PAR#U0130... Startdate: 12/09/2022 Architecture: WINDOWS Score: 80 55 Document contains OLE streams which likely are hidden ActiveX objects 2->55 57 Multi AV Scanner detection for submitted file 2->57 59 Yara detected AdWind RAT 2->59 61 Document exploit detected (process start blacklist hit) 2->61 8 WINWORD.EXE 47 43 2->8         started        process3 file4 53 C:\Users\user\AppData\Local\Temp\a0v2H8.jar, Zip 8->53 dropped 65 Document exploit detected (creates forbidden files) 8->65 12 javaw.exe 4 8->12         started        14 javaw.exe 2 8->14         started        16 splwow64.exe 8->16         started        signatures5 process6 process7 18 WMIC.exe 1 12->18         started        21 WMIC.exe 1 12->21         started        23 WMIC.exe 1 12->23         started        31 3 other processes 12->31 25 WMIC.exe 14->25         started        27 WMIC.exe 14->27         started        29 WMIC.exe 14->29         started        33 2 other processes 14->33 signatures8 63 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 18->63 35 conhost.exe 18->35         started        37 conhost.exe 21->37         started        39 conhost.exe 23->39         started        41 conhost.exe 25->41         started        43 conhost.exe 27->43         started        45 conhost.exe 29->45         started        47 conhost.exe 31->47         started        49 2 other processes 31->49 51 2 other processes 33->51 process9
No contacted IP infos