File name:

gun.jar

Full analysis: https://app.any.run/tasks/d0950e43-183f-47ad-a2f0-e047908faec2
Verdict: Malicious activity
Analysis date: February 26, 2026, 18:41:12
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
java
auto
generic
arch-doc
arch-html
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

D2F4A63188DB2C577ED4ECB439761A18

SHA1:

605C5B56F6975592AF066D165131249386687BFA

SHA256:

C74C240BA0A0683CEA46978A805673A065DDBD8EAF5AEEF231D8A52811654B43

SSDEEP:

98304:PUh38NtozBXk/Q1gTe0CPUBc3JnWu/RBXL0zKnFMaMD2fBrg0H+gYU03Wyl3MUbB:Pjp3iK/Q1QeMYX3DAb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • GENERIC has been found (auto)

      • javaw.exe (PID: 8764)
  • SUSPICIOUS

    • The process drops C-runtime libraries

      • javaw.exe (PID: 8764)
    • Starts POWERSHELL.EXE for command execution

      • javaw.exe (PID: 8764)
    • Executable content was dropped or overwritten

      • javaw.exe (PID: 8764)
      • java.exe (PID: 6804)
    • The process creates files with name similar to system file names

      • javaw.exe (PID: 8764)
  • INFO

    • Creates files in the program directory

      • javaw.exe (PID: 2844)
    • Creates files in a temporary directory

      • javaw.exe (PID: 3516)
      • javaw.exe (PID: 2872)
      • javaw.exe (PID: 2844)
      • javaw.exe (PID: 8764)
      • java.exe (PID: 6804)
    • Checks supported languages

      • javaw.exe (PID: 3516)
      • javaw.exe (PID: 2872)
      • javaw.exe (PID: 2844)
      • javaw.exe (PID: 8764)
      • java.exe (PID: 6804)
    • Reads the computer name

      • javaw.exe (PID: 2872)
      • javaw.exe (PID: 8764)
      • java.exe (PID: 6804)
    • Reads security settings of Internet Explorer

      • OpenWith.exe (PID: 4936)
      • javaw.exe (PID: 8764)
    • Creates files or folders in the user directory

      • javaw.exe (PID: 2872)
    • Application based on Java

      • javaw.exe (PID: 3516)
      • javaw.exe (PID: 2872)
      • javaw.exe (PID: 2844)
      • javaw.exe (PID: 8764)
    • Reads the machine GUID from the registry

      • javaw.exe (PID: 2872)
      • javaw.exe (PID: 8764)
      • java.exe (PID: 6804)
    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 4936)
    • Manual execution by a user

      • javaw.exe (PID: 3516)
      • javaw.exe (PID: 8764)
    • The sample was compiled with English language support

      • javaw.exe (PID: 8764)
      • java.exe (PID: 6804)
    • Checks proxy server information

      • slui.exe (PID: 1424)
    • There is functionality for taking screenshots (YARA)

      • javaw.exe (PID: 8764)
    • Drops script file

      • powershell.exe (PID: 4588)
    • Reads CPU info

      • java.exe (PID: 6804)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 4588)
    • Process checks computer location settings

      • java.exe (PID: 6804)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.jar | Java Archive (78.3)
.zip | ZIP compressed archive (21.6)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0808
ZipCompression: Deflated
ZipModifyDate: 2026:02:25 08:53:52
ZipCRC: 0x00000000
ZipCompressedSize: 2
ZipUncompressedSize: -
ZipFileName: assets/
No data.
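The TRiD and EXIF fields above come from the ZIP container that every JAR is: exiftool reads the first local file header and reports its required version, general-purpose bit flag, method, CRC and sizes. A bit flag of 0x0808 sets bit 3 (a data descriptor follows the entry's data, so the CRC and sizes stored in the local header are placeholders) and bit 11 (UTF-8 file names); with bit 3 set the central directory, not the local header, carries the trustworthy values, which is why ZipCRC reads 0x00000000 here. The Python below is an added example (editor's code, not part of the ANY.RUN report and not derived from gun.jar) that decodes those same header fields for every entry by walking the central directory, then does the static checks a first look would add: the manifest's Main-Class, entries whose magic bytes mark them as PE images or nested ZIPs regardless of extension, and local-header/central-directory CRC disagreement. It runs on a constructed stand-in jar whose entry names (assets/ first, a hypothetical com.example.Launcher main class, payload/jdk.zip, an api-ms-win-core-*.dll stub) are chosen only to exercise the checks; the report above does not establish whether gun.jar embeds the dropped JDK or fetches it. The streaming variant of the sample reproduces the data-descriptor layout seen in the EXIF block.

```python
import io
import struct
import zipfile

# Local file header (PKWARE APPNOTE 4.3.7): signature, version needed, general-purpose
# bit flag, method, DOS time, DOS date, CRC-32, compressed size, uncompressed size,
# name length, extra length. These are the fields exiftool reports as ZipRequiredVersion,
# ZipBitFlag, ZipCompression, ZipCRC, ZipCompressedSize ... for the archive's first entry.
_LOCAL = struct.Struct("<4sHHHHHIIIHH")
_FLAG_DATA_DESCRIPTOR = 0x0008   # bit 3: CRC/sizes follow the data; header copies are zero
_FLAG_UTF8_NAMES = 0x0800        # bit 11: file name is UTF-8
_METHODS = {0: "Stored", 8: "Deflated", 12: "BZip2", 14: "LZMA"}


def local_header(data: bytes, info: zipfile.ZipInfo) -> dict:
    """Decode one entry's local header, located through the central directory."""
    sig, ver, flags, method, _t, _d, crc, csize, usize, nlen, xlen = _LOCAL.unpack_from(data, info.header_offset)
    if sig != b"PK\x03\x04":
        raise ValueError(f"bad local header signature for {info.filename!r}")
    start = info.header_offset + _LOCAL.size
    return {
        "name": data[start:start + nlen].decode("utf-8", "replace"),
        "required_version": ver,                      # 20 -> "at least v2.0 to extract"
        "flags": flags,
        "data_descriptor": bool(flags & _FLAG_DATA_DESCRIPTOR),
        "utf8_names": bool(flags & _FLAG_UTF8_NAMES),
        "method": _METHODS.get(method, f"unknown({method})"),
        "local_crc": crc,
        "local_compressed_size": csize,
        "local_uncompressed_size": usize,
        "central_crc": info.CRC,                      # authoritative when bit 3 is set
        "central_compressed_size": info.compress_size,
    }


def triage_jar(data: bytes) -> dict:
    """Static first look: entry point, payloads identified by magic bytes, header sanity."""
    zf = zipfile.ZipFile(io.BytesIO(data))
    infos = sorted(zf.infolist(), key=lambda i: i.header_offset)
    report = {"entries": len(infos), "classes": 0, "main_class": None,
              "embedded_pe": [], "embedded_zip": [], "descriptor_entries": [],
              "crc_mismatch": [], "first_entry": local_header(data, infos[0]) if infos else None}
    for info in infos:
        if info.filename == "META-INF/MANIFEST.MF":
            for line in zf.read(info).decode("utf-8", "replace").splitlines():
                if line.startswith("Main-Class:"):
                    report["main_class"] = line.split(":", 1)[1].strip()
        if info.is_dir():
            continue
        if info.filename.endswith(".class"):
            report["classes"] += 1
        head = zf.open(info).read(4)                  # magic bytes, not the extension
        if head[:2] == b"MZ":
            report["embedded_pe"].append(info.filename)
        elif head == b"PK\x03\x04":
            report["embedded_zip"].append(info.filename)
        lh = local_header(data, info)
        if lh["data_descriptor"]:
            report["descriptor_entries"].append(info.filename)
        elif lh["local_crc"] != info.CRC:             # header and directory disagree: edited or corrupt
            report["crc_mismatch"].append(info.filename)
    return report


class _WriteOnlySink:
    """Non-seekable output: makes zipfile emit data descriptors (flag bit 3) like a streaming writer."""
    def __init__(self):
        self.buf = bytearray()

    def write(self, b):
        self.buf += b
        return len(b)

    def flush(self):
        pass


def build_sample_jar(streaming: bool = False) -> bytes:
    """Constructed stand-in for gun.jar (not the real sample): 'assets/' first, a manifest with a
    hypothetical Main-Class, one fake class, a nested zip and a PE stub carrying a system-DLL name."""
    nested = io.BytesIO()
    with zipfile.ZipFile(nested, "w", zipfile.ZIP_DEFLATED) as inner:
        inner.writestr("jdk-21-socket/bin/java.exe", b"MZ" + b"\0" * 62)
    sink = _WriteOnlySink() if streaming else io.BytesIO()
    with zipfile.ZipFile(sink, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("assets/", b"")
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\nMain-Class: com.example.Launcher\r\n\r\n")
        zf.writestr("com/example/Launcher.class", b"\xca\xfe\xba\xbe" + b"\0" * 28)
        zf.writestr("payload/jdk.zip", nested.getvalue())
        zf.writestr("payload/api-ms-win-core-datetime-l1-1-0.dll", b"MZ" + b"\0" * 62)
    return bytes(sink.buf) if streaming else sink.getvalue()


if __name__ == "__main__":
    for mode in (False, True):
        r = triage_jar(build_sample_jar(streaming=mode))
        print("streaming" if mode else "seekable", r["first_entry"], r["main_class"],
              r["embedded_pe"], r["embedded_zip"], r["descriptor_entries"])
```

To run it against a real file, replace build_sample_jar() with the bytes of the jar; only the first entry's fields are what exiftool prints, so compare those to the EXIF block and use the per-entry lists to decide whether the archive is worth unpacking under a debugger.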
All screenshots are available in the full report
Total processes
157
Monitored processes
12
Malicious processes
1
Suspicious processes
0

Behavior graph

  • start
  • javaw.exe (no specs)
  • icacls.exe (no specs)
  • conhost.exe (no specs)
  • openwith.exe (no specs)
  • javaw.exe (no specs)
  • javaw.exe (no specs)
  • javaw.exe (#GENERIC)
  • slui.exe
  • powershell.exe (no specs)
  • conhost.exe (no specs)
  • java.exe
  • conhost.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1188
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
icacls.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1424
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
2844
CMD:
"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar C:\Users\admin\Desktop\gun.jar
Path:
C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe
Parent process:
explorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
1
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
2872
CMD:
"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar "C:\Users\admin\Desktop\Launcher.jar"
Path:
C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe
Parent process:
OpenWith.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
3516
CMD:
"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar "C:\Users\admin\Desktop\gun.jar"
Path:
C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe
Parent process:
explorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
1
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
4588
CMD:
powershell.exe -Command "$path = [Environment]::GetEnvironmentVariable('PATH','User'); if ($path -notlike '*C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin*') { [Environment]::SetEnvironmentVariable('PATH', "$path;C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin", 'User'); }; [Environment]::SetEnvironmentVariable('JAVA_HOME', 'C:\Users\admin\Desktop\jdk21\jdk-21-socket', 'User')"
Path:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process:
javaw.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
4936
CMD:
C:\WINDOWS\system32\OpenWith.exe -Embedding
Path:
C:\Windows\System32\OpenWith.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID:
6804
CMD:
C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin\java.exe -Xmx2G -Xms1G -cp C:\Users\admin\Desktop\.minecraft\versions\1.21.4\1.21.4.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\fasterxml\jackson\core\jackson-annotations\2.13.4\jackson-annotations-2.13.4.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\fasterxml\jackson\core\jackson-core\2.13.4\jackson-core-2.13.4.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\fasterxml\jackson\core\jackson-databind\2.13.4.2\jackson-databind-2.13.4.2.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\github\oshi\oshi-core\6.6.5\oshi-core-6.6.5.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\github\stephenc\jcip\jcip-annotations\1.0-1\jcip-annotations-1.0-1.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\google\code\gson\gson\2.11.0\gson-2.11.0.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\google\guava\failureaccess\1.0.2\failureaccess-1.0.2.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\google\guava\guava\33.3.1-jre\guava-33.3.1-jre.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\ibm\icu\icu4j\76.1\icu4j-76.1.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\microsoft\azure\msal4j\1.17.2\msal4j-1.17.2.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\mojang\authlib\6.0.57\authlib-6.0.57.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\mojang\brigadier\1.3.10\brigadier-1.3.10.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\mojang\datafixerupper\8.0.16\datafixerupper-8.0.16.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\mojang\jtracy\1.0.29\jtracy-1.0.29.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\mojang\jtracy\1.0.29\jtracy-1.0.29-natives-windows.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\mojang\logging\1.5.10\logging-1.5.10.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\nimbusds\content-type\2.3\content-type-2.3.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\nimbusds\lang-tag\1.7\lang-tag-1.7.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\nimbusds\nimbus-jose-jwt\9.40\nimbus-jose-jwt-9.40.jar;C:\Users\admin\Desktop\.minecraft\libraries\com\nimbusds\oauth2-oidc-sdk\11.18\oauth2-oidc-sdk-11.18.jar;C:\Users\admin\Desktop\.minecraft\libraries\commons-codec\commons-codec\1.17.1\commons-codec-1.17.1.jar;C:\Users\admin\Desktop\.minecraft\libraries\commons-io\commons-io\2.17.0\commons-io-2.17.0.jar;C:\Users\admin\Desktop\.minecraft\libraries\commons-logging\commons-logging\1.3.4\commons-logging-1.3.4.jar;C:\Users\admin\Desktop\.minecraft\libraries\io\netty\netty-buffer\4.1.115.Final\netty-buffer-4.1.115.Final.jar;C:\Users\admin\Desktop\.minecraft\libraries\io\netty\netty-codec\4.1.115.Final\netty-codec-4.1.115.Final.jar;C:\Users\admin\Desktop\.minecraft\libraries\io\netty\netty-common\4.1.115.Final\netty-common-4.1.115.Final.jar;C:\Users\admin\Desktop\.minecraft\libraries\io\netty\netty-handler\4.1.115.Final\netty-handler-4.1.115.Final.jar;C:\Users\admin\Desktop\.minecraft\libraries\io\netty\netty-resolver\4.1.115.Final\netty-resolver-4.1.115.Final.jar;C:\Users\admin\Desktop\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.115.Final\netty-transport-classes-epoll-4.1.115.Final.jar;C:\Users\admin\Desktop\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.115.Final\netty-transport-native-unix-common-4.1.115.Final.jar;C:\Users\admin\Desktop\.minecraft\libraries\io\netty\netty-transport\4.1.115.Final\netty-transport-4.1.115.Final.jar;C:\Users\admin\Desktop\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.15\fastutil-8.5.15.jar;C:\Users\admin\Desktop\.minecraft\libraries\net\java\dev\jna\jna-platform\5.15.0\jna-platform-5.15.0.jar;C:\Users\admin\Desktop\.minecraft\libraries\net\java\dev\jna\jna\5.15.0\jna-5.15.0.jar;C:\Users\admin\Desktop\.minecraft\libraries\net\minidev\accessors-smart\2.5.1\accessors-smart-2.5.1.jar;C:\Users\admin\Desktop\.minecraft\libraries\net\minidev\json-smart\2.5.1\json-smart-2.5.1.jar;C:\Users\admin\Desktop\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\apache\commons\commons-compress\1.27.1\commons-compress-1.27.1.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\apache\commons\commons-lang3\3.17.0\commons-lang3-3.17.0.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.14\httpclient-4.5.14.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.24.1\log4j-api-2.24.1.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.24.1\log4j-core-2.24.1.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.24.1\log4j-slf4j2-impl-2.24.1.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\joml\joml\1.10.8\joml-1.10.8.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-x86.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-x86.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-arm64.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-x86.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\ow2\asm\asm\9.9\asm-9.9.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\slf4j\slf4j-api\2.0.16\slf4j-api-2.0.16.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\ow2\asm\asm-analysis\9.9\asm-analysis-9.9.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\ow2\asm\asm-commons\9.9\asm-commons-9.9.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\ow2\asm\asm-tree\9.9\asm-tree-9.9.jar;C:\Users\admin\Desktop\.minecraft\libraries\org\ow2\asm\asm-util\9.9\asm-util-9.9.jar;C:\Users\admin\Desktop\.minecraft\libraries\net\fabricmc\sponge-mixin\0.17.0+mixin.0.8.7\sponge-mixin-0.17.0+mixin.0.8.7.jar;C:\Users\admin\Desktop\.minecraft\libraries\net\fabricmc\intermediary\1.21.4\intermediary-1.21.4.jar;C:\Users\admin\Desktop\.minecraft\libraries\net\fabricmc\fabric-loader\0.18.4\fabric-loader-0.18.4.jar net.fabricmc.loader.impl.launch.knot.KnotClient --version Fabric-1.21.4 --gameDir C:\Users\admin\Desktop\.minecraft --assetsDir C:\Users\admin\Desktop\.minecraft\assets --assetIndex 19 --username DevUser --uuid 214a12d12af548f49f6d62685ba75788
Path:
C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin\java.exe
Parent process:
javaw.exe
User:
admin
Company:
N/A
Integrity Level:
MEDIUM
Description:
OpenJDK Platform binary
Exit code:
0
Version:
21.0.0.0
Modules
Images
c:\users\admin\desktop\jdk21\jdk-21-socket\bin\java.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\users\admin\desktop\jdk21\jdk-21-socket\bin\jli.dll
c:\windows\system32\user32.dll
c:\users\admin\desktop\jdk21\jdk-21-socket\bin\vcruntime140.dll
c:\windows\system32\win32u.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5\comctl32.dll
PID:
7864
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
8396
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
java.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
11 786
Read events
11 783
Write events
3
Delete events
0

Modification events

(PID) Process: (4936) OpenWith.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jar\OpenWithProgids
Operation: write
Name: jarfile
Value:
Executable files
261
Suspicious files
3 989
Text files
586
Unknown types
5

Dropped files

PID
Process
Filename
Type
PID: 8764
Process: javaw.exe
Filename: C:\Users\admin\Desktop\jdk21\jdk.zip
Type:
MD5:
SHA256:
PID: 2872
Process: javaw.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1693682860-607145093-2874071422-1001\83aa4cc77f591dfc2374580bbd95f6ba_bb926e54-e3ca-40fd-ae90-2764341e7792
Type: binary
MD5:C8366AE350E7019AEFC9D1E6E6A498C6
SHA256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
PID: 8764
Process: javaw.exe
Filename: C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin\api-ms-win-core-datetime-l1-1-0.dll
Type: executable
MD5:25703479A9CF8CD6DD88F4AC8C00BDE4
SHA256:163138952CF5DC46DC05AED1B5F5B027BD4EA5BDD00A3E5151AFDFB780BF7AEA
PID: 8764
Process: javaw.exe
Filename: C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin\api-ms-win-core-debug-l1-1-0.dll
Type: executable
MD5:0E1744395E9DD184241DC4C893101E18
SHA256:3F36DAA27A99D62A495D2BA7DDCB995EE42E2A0F2AEA3C1F7513FF184AED499A
PID: 8764
Process: javaw.exe
Filename: C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin\api-ms-win-core-fibers-l1-1-0.dll
Type: executable
MD5:6C1C6B86A7DA27838F3A6B079FEB9E3C
SHA256:A545677259BB6BF3EAEE996DE0E7645E8D3DD234333F44E068E71CF62ACD94FF
PID: 2844
Process: javaw.exe
Filename: C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c8061.timestamp
Type: text
MD5:4B92C10FB6631FCBE03E1A5E57C57C4A
SHA256:EEA850232B610371FBB53C6CCBE5E0C5CF81440BB15A473FC7385BA48664AA91
PID: 8764
Process: javaw.exe
Filename: C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin\api-ms-win-core-console-l1-2-0.dll
Type: executable
MD5:5BF470718F3DA333AE485C6DCD24C1D8
SHA256:EE411AC1294979ADB5814E40A97CAADC8904887505E0A21BC04EBEB201841227
PID: 8764
Process: javaw.exe
Filename: C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin\api-ms-win-core-console-l1-1-0.dll
Type: executable
MD5:B60CC4D50DE70129FE77C7CF2FF06598
SHA256:C235EC94CC18531748264BCCE631C8C2931F35B6887C4FED88A21E2C6EFBCDC7
PID: 8764
Process: javaw.exe
Filename: C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin\api-ms-win-core-kernel32-legacy-l1-1-1.dll
Type: executable
MD5:4A2C507A003EF7B7F37C9C12ACD61512
SHA256:5066689BBA608CFF7DCB7EDCA6381C3898076E8D51BBB2F4CDEB593926E9DB50
PID: 8764
Process: javaw.exe
Filename: C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin\api-ms-win-core-interlocked-l1-1-0.dll
Type: executable
MD5:86772A29EB599D76E4A9C8F9AE9D2CB5
SHA256:2A198A0F1CDCCBB3C8660387468B9FE9054ABEBC60B6BD3340A35C40E41633BC
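The process table and the dropped-files table above carry the behaviour that matters in this report, independently of the generic auto-signature that produced the MALICIOUS verdict: javaw.exe (PID 8764, the jar) starts powershell.exe (PID 4588); that PowerShell command appends C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin to the user-scope PATH and points the user-scope JAVA_HOME at the dropped tree; the same javaw.exe writes jdk.zip and api-ms-win-core-*.dll forwarder DLLs (names a clean Windows keeps under System32) beneath that Desktop directory; and java.exe (PID 6804) is then executed from it to launch a Fabric Minecraft 1.21.4 client. User-scope environment writes outlive the process, so any later tool that resolves java through PATH or JAVA_HOME for this user can be steered to the dropped runtime; note, though, that PowerShell here exited with code 1 and the report flags a raised exception, so this report alone does not confirm the change took effect. The Python below is an added example (editor's code, not the report's and not the sample's) that encodes those observations as four rules plus one correlation and runs them over records transcribed from the tables above; the Proc and Finding shapes are my own, the java.exe classpath is trimmed to its first entry, and the benign slui.exe row is included as a control. The network section shows only Windows background traffic, so no network rule is included.

```python
import ntpath
import re
from dataclasses import dataclass

JAVA_IMAGES = {"java.exe", "javaw.exe"}
SHELL_IMAGES = {"powershell.exe", "pwsh.exe", "cmd.exe"}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\", "\\windows\\winsxs\\")
# Forwarder and CRT DLL names that a clean Windows keeps under System32/WinSxS.
SYSTEM_DLL = re.compile(r"^(api-ms-win-[\w-]+|ucrtbase|vcruntime\d+|msvcp\d+)\.dll$", re.I)
# [Environment]::SetEnvironmentVariable('NAME', <"..." or '...'>, 'User'|'Machine')
SET_ENV = re.compile(r"""SetEnvironmentVariable\(\s*'(?P<name>\w+)'\s*,\s*(?:"(?P<dq>[^"]*)"|'(?P<sq>[^']*)')\s*,\s*'(?P<scope>User|Machine)'\s*\)""", re.I)


@dataclass
class Proc:            # hypothetical record shape; values come from the process table above
    pid: int
    image: str         # full path of the executable
    cmdline: str
    parent: str        # parent image name


@dataclass
class Finding:
    rule: str
    pid: int
    detail: str


def _name(path: str) -> str:
    return ntpath.basename(path).lower()


def _under(path: str, roots) -> bool:
    low = path.lower()
    return any(r in low for r in roots)


def env_changes(cmdline: str):
    """Persistent env-var writes in a PowerShell -Command string: (NAME, scope, literal dirs)."""
    out = []
    for m in SET_ENV.finditer(cmdline):
        value = m.group("dq") if m.group("dq") is not None else m.group("sq")
        # "$path;C:\x" appends to the existing value: keep only the literal components
        dirs = [d for d in value.split(";") if d and not d.startswith("$")]
        out.append((m.group("name").upper(), m.group("scope"), dirs))
    return out


def analyze(procs, dropped):
    findings, injected = [], set()
    for p in procs:
        name = _name(p.image)
        if p.parent.lower() in JAVA_IMAGES and name in SHELL_IMAGES:
            findings.append(Finding("java_spawns_shell", p.pid, f"{p.parent} -> {name}"))
        if name in ("powershell.exe", "pwsh.exe"):
            for var, scope, dirs in env_changes(p.cmdline):
                injected.update(d.lower().rstrip("\\") for d in dirs)
                findings.append(Finding("persistent_env_write", p.pid, f"{scope} {var} <- {';'.join(dirs)}"))
        if name in JAVA_IMAGES and _under(p.image, USER_WRITABLE):
            findings.append(Finding("runtime_from_user_path", p.pid, p.image))
    for pid, path in dropped:
        if SYSTEM_DLL.match(_name(path)) and not _under(path, SYSTEM_DIRS):
            findings.append(Finding("system_named_dll_outside_system32", pid, path))
    # Correlation: a Java runtime executed from a directory PowerShell just put on the user PATH.
    for p in procs:
        if _name(p.image) in JAVA_IMAGES and ntpath.dirname(p.image).lower() in injected:
            findings.append(Finding("dropped_runtime_on_user_path", p.pid, p.image))
    return findings


# Records transcribed from the report; the java.exe classpath is trimmed to its first entry.
PS_CMD = r'''powershell.exe -Command "$path = [Environment]::GetEnvironmentVariable('PATH','User'); if ($path -notlike '*C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin*') { [Environment]::SetEnvironmentVariable('PATH', "$path;C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin", 'User'); }; [Environment]::SetEnvironmentVariable('JAVA_HOME', 'C:\Users\admin\Desktop\jdk21\jdk-21-socket', 'User')"'''
JAVA_CMD = (r"C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin\java.exe -Xmx2G -Xms1G "
            r"-cp C:\Users\admin\Desktop\.minecraft\versions\1.21.4\1.21.4.jar "
            r"net.fabricmc.loader.impl.launch.knot.KnotClient --version Fabric-1.21.4")
SAMPLE_PROCS = [
    Proc(2844, r"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe",
         r'"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar C:\Users\admin\Desktop\gun.jar', "explorer.exe"),
    Proc(4588, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", PS_CMD, "javaw.exe"),
    Proc(6804, r"C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin\java.exe", JAVA_CMD, "javaw.exe"),
    Proc(1424, r"C:\Windows\System32\slui.exe", r"C:\WINDOWS\System32\slui.exe -Embedding", "svchost.exe"),  # control
]
SAMPLE_DROPPED = [
    (8764, r"C:\Users\admin\Desktop\jdk21\jdk.zip"),
    (8764, r"C:\Users\admin\Desktop\jdk21\jdk-21-socket\bin\api-ms-win-core-datetime-l1-1-0.dll"),
    (2844, r"C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c8061.timestamp"),
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_PROCS, SAMPLE_DROPPED):
        print(f"{f.rule:36} pid={f.pid:<5} {f.detail}")
```

The correlation rule is the one worth keeping in a detection backlog: a runtime binary launched from a directory that a child shell of the same parent just added to PATH is specific enough to survive the noise that each rule produces alone (developers do add JDK directories to their PATH, and game launchers do spawn PowerShell).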
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
30
TCP/UDP connections
944
DNS requests
36
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6768
MoUsoCoreWorker.exe
GET
304
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
unknown
whitelisted
5180
svchost.exe
GET
304
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
unknown
whitelisted
8916
SIHClient.exe
GET
304
74.178.76.128:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
whitelisted
8916
SIHClient.exe
GET
200
13.95.31.18:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
whitelisted
8916
SIHClient.exe
GET
200
74.178.76.128:443
https://slscr.update.microsoft.com/sls/ping
unknown
whitelisted
8916
SIHClient.exe
GET
304
74.178.76.128:443
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
whitelisted
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
unknown
whitelisted
356
svchost.exe
POST
200
20.190.159.64:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
whitelisted
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D
unknown
whitelisted
356
svchost.exe
POST
200
20.190.159.64:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
8552
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2.16.204.149:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
356
svchost.exe
20.190.159.64:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 216.58.206.46
whitelisted
www.bing.com
  • 2.16.204.149
  • 2.16.204.142
  • 2.16.204.148
  • 2.16.204.160
  • 2.16.204.143
  • 2.16.204.135
  • 2.16.204.146
  • 2.16.204.139
  • 2.16.204.138
whitelisted
self.events.data.microsoft.com
  • 13.89.178.26
  • 20.189.173.18
whitelisted
ocsp.digicert.com
  • 184.30.131.245
  • 172.66.2.5
  • 162.159.142.9
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.159.64
  • 20.190.159.71
  • 20.190.159.4
  • 20.190.159.129
  • 20.190.159.130
  • 20.190.159.68
  • 40.126.31.69
  • 40.126.31.0
  • 40.126.32.72
  • 40.126.32.140
  • 20.190.160.131
  • 40.126.32.136
  • 40.126.32.133
  • 20.190.160.2
  • 40.126.32.138
  • 20.190.160.66
whitelisted
crl.microsoft.com
  • 2.16.164.81
  • 2.16.164.120
  • 2.16.164.96
  • 2.16.164.32
  • 2.16.164.114
  • 2.16.164.58
  • 2.16.164.9
  • 2.16.164.10
  • 2.16.164.34
  • 2.16.164.128
  • 2.16.164.98
  • 2.16.164.18
  • 2.16.164.106
whitelisted
www.microsoft.com
  • 23.59.18.102
whitelisted

Threats

No threats detected
No debug info