First, it’s inside ZIP archives. That’s why it wasn’t reported by the Standard Shield (which does not unpack ZIPs by default).

Second, it’s in the Java packages. ClassLoader means it’s a (possibly malicious) code that’s trying to do some stuff with Java classes - and these probably contain such code.

In other words - Much Ado About Nothing, as Shakespeare would’ve said. :wink:

Vlk