General Info

File name

iCapture.jnlp

Full analysis
https://app.any.run/tasks/39b7b7dc-9eb0-402e-8ad5-77ce91138b0a
Verdict
Malicious activity
Analysis date
11/8/2018, 13:53:24
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
text/xml
File info:
XML 1.0 document, ASCII text, with CRLF line terminators
MD5

374c3c4f82e4b9dacdd47ddbeb3f75cc

SHA1

9630d19478a97135e7fd926995837ce75f2aa73d

SHA256

d5e48bec5f07fc3fb83b5ed2d1cc8f0c13ae233980250fe99f0ea8817b7e6b3c

SSDEEP

24:2daMgR4BIpU2p4Fa8jGPAZkLgYUzY4HBEQsR4BoVEsR4BoZom9zvn:caYB4uPBEQDBoyDBoZomJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Creates files in the user directory
  • jp2launcher.exe (PID: 1264)
Connects to unusual port
  • jp2launcher.exe (PID: 1264)
Executes JAVA applets
  • javaws.exe (PID: 3672)
Application launched itself
  • javaws.exe (PID: 3672)
Check for Java to be installed
  • javaws.exe (PID: 3672)

No info indicators.

Static information

TRiD
.jnlp
|   Java Web Start application descriptor (88.3%)
.xml
|   Generic XML (ASCII) (11.6%)
EXIF
XMP
JnlpSpec:
1.0+
JnlpCodebase:
https://remotedeposit.myfirstfarmers.com:8443/iCapWeb
JnlpHref:
iCapture.jnlp
JnlpInformationTitle:
iCapture Thin Client
JnlpInformationVendor:
SEI 3.2.12.5
JnlpInformationHomepageHref:
http://www.softwareearnings.com
JnlpInformationDescription:
iCapture Thin Client
JnlpInformationDescriptionKind:
short
JnlpInformationOffline-allowed:
null
JnlpSecurityAll-permissions:
null
JnlpResourcesOs:
Windows
JnlpResourcesJ2seVersion:
1.6+
JnlpResourcesJ2seHref:
http://java.sun.com/products/autodl/j2se
JnlpResourcesJarHref:
sThinClient.jar
JnlpResourcesJarMain:
true
JnlpApplication-descMain-class:
com.sei.swing.client.MainFrame
JnlpApplication-descArgument:
remotedeposit.myfirstfarmers.com
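The static fields above carry the parts of the JNLP descriptor that matter for triage: the codebase is a remote-deposit host on TCP 8443 (which is what the "Connects to unusual port" indicator reacts to), `<all-permissions/>` is requested (the extractor shows it as `null` because the element is empty), so the signed `sThinClient.jar` runs outside the Java sandbox, and the main class `com.sei.swing.client.MainFrame` is started with the bank host name as its argument. The Python below is an added example, not part of the ANY.RUN report: it rebuilds a JNLP from exactly those values (the XML layout is constructed; only the values are the report's), resolves the JAR against the codebase the way Java Web Start does, and lists the settings an analyst would want flagged (full permissions, plain-HTTP codebase, non-default port, JARs pulled from a different host).

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlparse

# Constructed for this example from the static fields reported for
# iCapture.jnlp; the real file's layout and attribute order may differ,
# only the values are the report's.
SAMPLE_JNLP = """<?xml version="1.0"?>
<jnlp spec="1.0+"
      codebase="https://remotedeposit.myfirstfarmers.com:8443/iCapWeb"
      href="iCapture.jnlp">
  <information>
    <title>iCapture Thin Client</title>
    <vendor>SEI 3.2.12.5</vendor>
    <homepage href="http://www.softwareearnings.com"/>
    <description kind="short">iCapture Thin Client</description>
    <offline-allowed/>
  </information>
  <security>
    <all-permissions/>
  </security>
  <resources os="Windows">
    <j2se version="1.6+" href="http://java.sun.com/products/autodl/j2se"/>
    <jar href="sThinClient.jar" main="true"/>
  </resources>
  <application-desc main-class="com.sei.swing.client.MainFrame">
    <argument>remotedeposit.myfirstfarmers.com</argument>
  </application-desc>
</jnlp>
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def analyze_jnlp(xml_text):
    """Pull the launch-relevant facts out of a JNLP descriptor and list the
    settings worth a second look during triage."""
    root = ET.fromstring(xml_text)
    if root.tag != "jnlp":
        raise ValueError("not a JNLP document, root element is %r" % root.tag)

    codebase = root.get("codebase", "")
    # Relative hrefs resolve against the codebase; urljoin drops the last
    # path segment unless the base ends with a slash.
    base = codebase if codebase.endswith("/") else codebase + "/"
    cb = urlparse(codebase)
    port = cb.port if cb.port is not None else DEFAULT_PORTS.get(cb.scheme)

    jars = [urljoin(base, j.get("href", "")) for j in root.iter("jar")]
    main_jars = [urljoin(base, j.get("href", "")) for j in root.iter("jar")
                 if j.get("main") == "true"]
    app = root.find("application-desc")
    args = [a.text or "" for a in app.iter("argument")] if app is not None else []
    all_perms = root.find("security/all-permissions") is not None

    findings = []
    if all_perms:
        findings.append("requests all-permissions: runs outside the Java "
                        "sandbox, so the JAR signature is the only control")
    if cb.scheme == "http":
        findings.append("codebase served over plain HTTP, descriptor and "
                        "JARs can be swapped in transit")
    if port != DEFAULT_PORTS.get(cb.scheme):
        findings.append("codebase on non-default port %s" % port)
    for jar in jars:
        if urlparse(jar).netloc != cb.netloc:
            findings.append("JAR fetched from another host: %s" % jar)

    j2se = root.find("resources/j2se")
    return {
        "spec": root.get("spec"),
        "codebase": codebase,
        "host": cb.hostname,
        "port": port,
        "jars": jars,
        "main_jar": main_jars[0] if main_jars else None,
        "main_class": app.get("main-class") if app is not None else None,
        "arguments": args,
        "j2se_version": j2se.get("version") if j2se is not None else None,
        "all_permissions": all_perms,
        "offline_allowed": root.find("information/offline-allowed") is not None,
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in analyze_jnlp(SAMPLE_JNLP).items():
        print("%-16s %s" % (key, value))
```

The resolved `main_jar` URL is the artifact to pull and verify next (signature chain, and whether the signer matches the vendor named in `<information>`); the `findings` list is what to attach to a ticket.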

Processes

Total processes
36
Monitored processes
6
Malicious processes
2
Suspicious processes
0

Behavior graph

start
`-- javaws.exe (PID 3672, no specs)
    |-- javaw.exe (PID 2584, no specs)
    |-- javaw.exe (PID 2908, no specs)
    |-- javaw.exe (PID 3304, no specs)
    |-- javaws.exe (PID 3668, splash screen)
    `-- jp2launcher.exe (PID 1264)

Process information

PID
3672
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe" "C:\Users\admin\AppData\Local\Temp\iCapture.jnlp"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Web Start Launcher
Version
11.92.2.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaws.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\progra~1\java\jre18~1.0_9\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\duser.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\program files\java\jre1.8.0_92\bin\jp2launcher.exe

PID
2584
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.92.2" "later"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
javaws.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\progra~1\java\jre18~1.0_9\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
2908
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.92.2" "1541681623"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
javaws.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\progra~1\java\jre18~1.0_9\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
3304
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.suppression.11.92.2" "false"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
javaws.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\progra~1\java\jre18~1.0_9\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
3668
CMD
JavaWSSplashScreen -splash 49220 "C:\Program Files\Java\jre1.8.0_92\lib\deploy\splash.gif"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe
Indicators
Parent process
javaws.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Web Start Launcher
Version
11.92.2.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaws.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\program files\java\jre1.8.0_92\bin\splashscreen.dll
c:\windows\system32\cryptbase.dll

PID
1264
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_92" -vma 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 -ma QzpcVXNlcnNcYWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGphdmF3czI=
Path
C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe
Indicators
Parent process
javaws.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Oracle Corporation
Description
Java(TM) Web Launcher
Version
11.92.2.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\jp2launcher.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\program files\java\jre1.8.0_92\bin\jli.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\vga.dll
c:\progra~1\java\jre18~1.0_9\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\java\jre1.8.0_92\bin\sunec.dll
c:\program files\java\jre1.8.0_92\bin\sunmscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\program files\java\jre1.8.0_92\bin\fontmanager.dll
c:\program files\java\jre1.8.0_92\bin\t2k.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\program files\java\jre1.8.0_92\bin\dcpr.dll
c:\program files\java\jre1.8.0_92\bin\management.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
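jp2launcher.exe receives its real parameters base64-encoded: `-vma` carries the JVM arguments and `-ma` the application arguments, so a raw process-creation record (Sysmon Event ID 1, Security Event ID 4688) does not show what the launcher was asked to run. The `-ma` value recorded above decodes to `C:\Users\admin\AppData\Local\Temp\javaws2`, the per-launch temp directory javaws.exe hands to the launcher. The Python below is an added example, not part of the ANY.RUN report: it splits a Windows command line without mangling backslashes and decodes both fields. The `-ma` value is the one above; the `-vma` value is constructed (the report's own `-vma` was removed), and the newline separator between JVM arguments is an assumption, so inspect `raw` if a real sample splits differently.

```python
import base64
import binascii
import shlex

# The -ma value is the one recorded for PID 1264. The -vma value is
# constructed for this example (the report's own -vma was not available);
# the newline separator between JVM arguments is an assumption.
CONSTRUCTED_VM_ARGS = [
    "-Djnlpx.origFilenameArg=C:\\Users\\admin\\AppData\\Local\\Temp\\iCapture.jnlp",
    "-Xmx256m",
]
SAMPLE_CMDLINE = (
    '"C:\\Program Files\\Java\\jre1.8.0_92\\bin\\jp2launcher.exe" -secure -javaws '
    '-jre "C:\\Program Files\\Java\\jre1.8.0_92" '
    "-vma " + base64.b64encode("\n".join(CONSTRUCTED_VM_ARGS).encode()).decode() + " "
    "-ma QzpcVXNlcnNcYWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGphdmF3czI="
)

ENCODED_OPTS = {"-vma": "vm_args", "-ma": "app_args"}


def decode_b64_arg(value):
    """Decode one base64 launcher argument, tolerating stripped padding.
    Text is assumed UTF-8; undecodable bytes are replaced, not dropped."""
    padded = value + "=" * (-len(value) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except binascii.Error as exc:
        raise ValueError("not base64: %r" % value) from exc
    return raw.decode("utf-8", "replace")


def decode_jp2launcher(cmdline):
    """Split a recorded jp2launcher.exe command line (Sysmon EID 1 or
    Security EID 4688 CommandLine field) and decode its -vma/-ma values."""
    # posix=False keeps Windows backslashes literal and honours "..." quoting.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    out = {"image": tokens[0] if tokens else None, "jre": None,
           "flags": [], "vm_args": [], "app_args": [], "raw": {}}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-jre" and i + 1 < len(tokens):
            out["jre"] = tokens[i + 1]
            i += 2
        elif tok in ENCODED_OPTS and i + 1 < len(tokens):
            out["raw"][tok] = tokens[i + 1]
            text = decode_b64_arg(tokens[i + 1])
            out[ENCODED_OPTS[tok]] = [a for a in text.split("\n") if a]
            i += 2
        else:
            out["flags"].append(tok)
            i += 1
    # Application arguments pointing into a per-user temp directory are
    # normal for javaws (it stages the launch there) but worth surfacing.
    out["temp_path"] = any("\\temp\\" in a.lower() for a in out["app_args"])
    return out


if __name__ == "__main__":
    for key, value in decode_jp2launcher(SAMPLE_CMDLINE).items():
        print("%-9s %s" % (key, value))
```

Run this over every jp2launcher.exe command line in a process-creation log rather than eyeballing the base64: the decoded `vm_args` are where a hostile descriptor would try to smuggle JVM properties, and `-secure`/`-javaws` missing from `flags` is itself worth a look.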

Registry activity

Total events
214
Read events
104
Write events
100
Delete events
10

Modification events

PID   Process          Key
      Operation  Name = Value

2584  javaw.exe        HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
      delete key
      write  deployment.modified.timestamp = 1535457890299
      write  deployment.roaming.profile = false
      write  deployment.version = 8
      write  deployment.expired.version = 11.92.2
      write  deployment.browser.path = C:\Program Files\Internet Explorer\iexplore.exe
      write  deployment.expiration.decision.11.92.2 = later

2908  javaw.exe        HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
      delete key
      write  deployment.modified.timestamp = 1541681623235
      write  deployment.roaming.profile = false
      write  deployment.version = 8
      write  deployment.expiration.decision.11.92.2 = later
      write  deployment.expired.version = 11.92.2
      write  deployment.browser.path = C:\Program Files\Internet Explorer\iexplore.exe
      write  deployment.expiration.decision.timestamp.11.92.2 = 1541681623

3304  javaw.exe        HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
      delete key
      write  deployment.modified.timestamp = 1541681623610
      write  deployment.roaming.profile = false
      write  deployment.version = 8
      write  deployment.expiration.decision.11.92.2 = later
      write  deployment.expired.version = 11.92.2
      write  deployment.expiration.decision.timestamp.11.92.2 = 1541681623
      write  deployment.browser.path = C:\Program Files\Internet Explorer\iexplore.exe
      write  deployment.expiration.decision.suppression.11.92.2 = false

1264  jp2launcher.exe  HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
      write  Name = jp2launcher.exe

1264  jp2launcher.exe  HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
      delete key
      write  deployment.modified.timestamp = 1541681624000
      write  deployment.roaming.profile = false
      write  deployment.expiration.decision.suppression.11.92.2 = false
      write  deployment.version = 8
      write  deployment.expiration.decision.11.92.2 = later
      write  deployment.expired.version = 11.92.2
      write  deployment.expiration.decision.timestamp.11.92.2 = 1541681623
      write  deployment.browser.path = C:\Program Files\Internet Explorer\iexplore.exe

1264  jp2launcher.exe  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
      write  UNCAsIntranet = 0
      write  AutoDetect = 1

1264  jp2launcher.exe  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASAPI32
      write  EnableFileTracing = 0
      write  EnableConsoleTracing = 0
      write  FileTracingMask = 4294901760
      write  ConsoleTracingMask = 4294901760
      write  MaxFileSize = 1048576
      write  FileDirectory = %windir%\tracing

1264  jp2launcher.exe  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASMANCS
      write  EnableFileTracing = 0
      write  EnableConsoleTracing = 0
      write  FileTracingMask = 4294901760
      write  ConsoleTracingMask = 4294901760
      write  MaxFileSize = 1048576
      write  FileDirectory = %windir%\tracing

1264  jp2launcher.exe  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
      write  ProxyEnable = 0

1264  jp2launcher.exe  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
      write  SavedLegacySettings = 4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000

1264  jp2launcher.exe  HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
      write  deployment.javaws.appicon.index = C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\appIcon\appIcon.xml
      write  deployment.javaws.splash.index = C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash\splash.xml

1264  jp2launcher.exe  HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\Security Baseline
      write  1.4.2 = 1.4.2_99
      write  1.5.0 = 1.5.0_99
      write  1.6.0 = 1.6.0_211
      write  1.7.0 = 1.7.0_201
      write  1.8.0 = 1.8.0_191
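The Security Baseline values written under HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\Security Baseline are the minimum update levels Oracle publishes per release family; the deployment code compares its own version against them and treats an older install as expired, which is what the `deployment.expired.version = 11.92.2` entries and the `deployment.expiration.decision.11.92.2 = later` values written by the three ControlPanel `-userConfig` invocations record (the out-of-date Java prompt was answered "Later"). The runtime here is 1.8.0_92 (the `jre1.8.0_92` path) against a baseline of 1.8.0_191, and that comparison has to be numeric: as strings, `1.8.0_92` sorts after `1.8.0_191`. The Python below is an added example, not part of the ANY.RUN report; the baseline text is constructed in the same `family=version` form as the registry values above (the dropped `baseline.versions` file was not inspected, so its exact layout is an assumption).

```python
import re

# Constructed in the family=version form the Security Baseline registry
# values use; the dropped baseline.versions file itself was not inspected
# for this example, so its exact layout is an assumption.
BASELINE_TEXT = """\
1.4.2=1.4.2_99
1.5.0=1.5.0_99
1.6.0=1.6.0_211
1.7.0=1.7.0_201
1.8.0=1.8.0_191
"""

# Legacy Java version strings: 1.<major>.<micro>_<update>[-b<build>]
_LEGACY = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-b\d+)?$")


def parse_version(text):
    """Turn '1.8.0_92' into (1, 8, 0, 92) so tuples compare numerically."""
    m = _LEGACY.match(text.strip())
    if not m:
        raise ValueError("unrecognised Java version string %r" % text)
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def family(version):
    """Release family key as used in the baseline list, e.g. '1.8.0'."""
    return "%d.%d.%d" % version[:3]


def parse_baseline(text):
    """Map each release family to its minimum (baseline) version tuple."""
    baseline = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fam, sep, ver = line.partition("=")
        if not sep:
            raise ValueError("malformed baseline line %r" % line)
        baseline[fam.strip()] = parse_version(ver)
    return baseline


def is_below_baseline(installed, baseline):
    """True if the installed JRE is older than its family's baseline,
    False if at or above it, None if the family is not listed."""
    v = parse_version(installed)
    floor = baseline.get(family(v))
    if floor is None:
        return None
    return v < floor


def jre_version_from_path(path):
    """Recover the JRE version from an install path such as
    C:\\Program Files\\Java\\jre1.8.0_92\\bin\\jp2launcher.exe."""
    m = re.search(r"jre(\d+\.\d+\.\d+(?:_\d+)?)", path, re.IGNORECASE)
    return m.group(1) if m else None


if __name__ == "__main__":
    baseline = parse_baseline(BASELINE_TEXT)
    installed = jre_version_from_path(
        "C:\\Program Files\\Java\\jre1.8.0_92\\bin\\jp2launcher.exe")
    print("installed %s, baseline 1.8.0_191, below: %s"
          % (installed, is_below_baseline(installed, baseline)))
    # Plain string comparison gets this wrong: '9' sorts after '1'.
    print("naive string compare says below:", installed < "1.8.0_191")
```

The same check is useful on the host side: an inventory query that compares Java versions as strings will report 8u92 as newer than 8u191 and miss exactly the out-of-date runtime this sandbox ran the JNLP on.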

Files activity

Executable files
10
Suspicious files
4
Text files
30
Unknown types
33

Dropped files

PID   Process          Filename  [type]
      MD5  SHA256

1264  jp2launcher.exe  C:\Users\admin\java0.log  [text]
      MD5 1ffd6f5d810464485907595a1caf980a  SHA256 41fd2f9fc9f88a9991c31347a26da497861f4fb531e2d2aa42da6a4c9ffc40f4
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5d22c5c8-57d17d3a  [java]
      MD5 c71e42e24aaa6ff99d357761dcc93313  SHA256 c2660b57a0ffccc48376067cca54b597276a3647b02dadbca09af3234b57bba9
1264  jp2launcher.exe  C:\Users\admin\java0.log  [text]
      MD5 41e2774df2fe06a721b138930569cc06  SHA256 5e1dce829fedce14615dab313169c3082c47f1d6e4880b7e1db296c4e504d7af
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\update.securitypack.timestamp  [binary]
      MD5 5058f1af8388633f609cadb75a75dc9d  SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties  [text]
      MD5 ef08bd6acf014b578a75868e74676a58  SHA256 5ae7f6e579404015dfdba00a9b323787b117e05fcee916a6eb3bacbe6f868670
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\baseline.versions  [text]
      MD5 97ad88685fd7fceafb3a3eb75a4eba65  SHA256 2eb698b70b61aa048b149c55e0718523e52b79554b40114d48428e22efe7b5be
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs  [text]
      MD5 d54441f027147f5d3a03180a2751ba68  SHA256 1cb53d7ea108ede8b20e562bfa959842f264279950bd5fbc4c3709da9a618590
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\blacklist.dynamic  [text]
      MD5 b2c6eae6382150192ea3912393747180  SHA256 6c73c877b36d4abd086cb691959b180513ac5abc0c87fe9070d2d5426d3dbf71
1264  jp2launcher.exe  C:\Users\admin\java0.log  [text]
      MD5 f191ff7143ff769b037cff9bb434b9a1  SHA256 be661ff1027844515d34e1e189502c173f59ea494e5722bbe34378a57770c013
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\securitypack.jar  [compressed]
      MD5 b2548a04ccf1365006cf1c0d84f31e0b  SHA256 7ee8cc9a4c41da5cc2282493b2ad6ab36ef566a9359e17364bb301bba9abc302
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\202866f-976f7317e19181610bae1c3cef46200993ee8b2a75e30c0a4d3b480160d7cdf6-6.0.lap  [text]
      MD5 e9a80c014a6e1c82ac7f6ded8555f17e  SHA256 f9e72b5d588e28db5a043a3fba83b686f0c0877423024b0b3bf1ee36571af4bc
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties  [text]
      MD5 c7723de5d625dee1f3f224207404ccff  SHA256 db6d7f4305839443c5105a678df6c752fa00c7b10f106273083358cbdf035227
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\202866f-976f7317e19181610bae1c3cef46200993ee8b2a75e30c0a4d3b480160d7cdf6-6.0.lap  [text]
      MD5 af80f8162450bb60da0d73d28f3a5034  SHA256 07ff1badd1dcf2020642dce5d39714507bd8fe096dc528a1ec273a3586e59d73
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\9fb3a10-75237ca9.idx  [abr]
      MD5 2a02ba6f99c0a4a5d433811561af333a  SHA256 637e5373994df8816d18ca3346ca6b154d9f8bcc3cdef75d5b13fce7d2638907
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties  [text]
      MD5 44b3ef3eae73346d5f97309e14f7adb6  SHA256 28e46ad4c3de3179b4f5f6daeb651c0d942b161f2656fa7b14b2b5511dc720df
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\9fb3a10-75237ca9  [java]
      MD5 78808876c29f74d5b1dbd5aa328013f7  SHA256 6cd975334a077f54ae91e3294c4bc4ff0ce871feeeaef79178ba9cb963cd34a9
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\9fb3a10-75237ca9-temp  [––]
      MD5 ––  SHA256 ––
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\6e2ce4ce-234b134b.idx  [abr]
      MD5 9c156dc663c19eadde1b1b5b2237c8d0  SHA256 6ac9b024164f9e51983e08ce18fcc3cfe6faee190ef29ac56207934c23a936c9
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\6e2ce4ce-234b134b  [java]
      MD5 88f1c49ff50e89382c7ef6da127399de  SHA256 e211665182ed81d960b68b098a0e8f9b8d495d29ce21b550d75561710d8053ad
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\6e2ce4ce-234b134b-temp  [––]
      MD5 ––  SHA256 ––
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1a6bcba6-22494f77.idx  [abr]
      MD5 0e3b3da9fc2daf0de41940e7c48df4b3  SHA256 59aa9903b86c11b9c0521373b7de24ed929b7efa2682d74f1ec60dfe15652c89
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\5fe2e9cd-1437ae85.idx  [abr]
      MD5 e54a0827e5f0000d9e8373138aec2bc3  SHA256 e2dad3295e24766c1f1368bdb4da68e550e99f30b4a3007f2b3b7642a319abd1
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1a6bcba6-22494f77  [java]
      MD5 74ee7215166de10855220193f089ae74  SHA256 8068fffcd32f0fbee6171ee337d515b696f5e55b8c585ca7c210a737641649ac
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1a6bcba6-22494f77-temp  [––]
      MD5 ––  SHA256 ––
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1a6bcba6-22494f77.idx  [abr]
      MD5 7a2b2a6a7418160b22d307f5bea63383  SHA256 f7118afb02ddeac1d903751e9e0f252ca7bde1b5357ce966c777d471d1e1e50d
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\5fe2e9cd-1437ae85  [java]
      MD5 019fe08154489b0732093434cce2c62a  SHA256 ec5b6c952cd3cfc8c2f293a66a960556bb0bf3a12372713f952ff9aad2af9098
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\5fe2e9cd-1437ae85-temp  [––]
      MD5 ––  SHA256 ––
1264  jp2launcher.exe  C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\43f3f501-3d75fdfd.idx
abr
MD5: 157283b8a28f9ebb463485c84299e508
SHA256: 428f98e2e10e3719b6a92708bbdd70b653dd8bc880b4df3b0198b46746422cee
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\43f3f501-3d75fdfd
java
MD5: 1e2b89bed1b7b262c78d5cc6bf5c064f
SHA256: 83dae34386305b9106f269e675da098ecd7a5d7b98e30d63cca9b5edf2db5d1e
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\43f3f501-3d75fdfd-temp
––
MD5:  ––
SHA256:  ––
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4fc79d80-4c2b25b7.idx
abr
MD5: c4d6b4d8766535ac699ae1fedec7ba5e
SHA256: 0d3a96a42827949a90057e787b0ff8b17c09f77582f551381ca871f6a6f4e2de
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4fc79d80-4c2b25b7
java
MD5: 761995a6e7e91c94ae40a0b55cbabee4
SHA256: 8f2c635c43d76fe608c8e3611bdf4f86175a9b314a254c01360dfcf6c3df6c90
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4fc79d80-4c2b25b7-temp
––
MD5:  ––
SHA256:  ––
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\5fe2e9cd-1437ae85.idx
––
MD5:  ––
SHA256:  ––
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5d22c5c8-57d17d3a.idx
abr
MD5: 4516c4d4119fe63817d59a812f5116fe
SHA256: d196ee6749096c07c1f5d30edc0417349fa6c2d257a47e1a86d611b01815084e
1264
jp2launcher.exe
C:\Users\admin\java0.log
text
MD5: a5c89f4134fb1ea73f8aaf227d38a225
SHA256: a2dd292aed9c2c4fed73494f1b322c7c2ac62a714f979f6b8fc41c2dbb0490db
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6c1eef9b-7fb257ae.idx
abr
MD5: 2460ec364d03333ffdc7086415d6c7a5
SHA256: 0cb090d237e0781b8970dceca9807fb3462b0e0795d81b6ae4f0961b152b62fd
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5d22c5c8-57d17d3a-temp
––
MD5:  ––
SHA256:  ––
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\6e2ce4ce-234b134b.idx
abr
MD5: 7a2b2a6a7418160b22d307f5bea63383
SHA256: f7118afb02ddeac1d903751e9e0f252ca7bde1b5357ce966c777d471d1e1e50d
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6c1eef9b-7fb257ae
java
MD5: 55124c4c553ce87307c9c8bbb5486078
SHA256: 57414ce80c771167f8b7d9cb5d12fe209dd15cc8962038ff2c3a444d7b0ceab4
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6c1eef9b-7fb257ae-temp
––
MD5:  ––
SHA256:  ––
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\743d94ab-31db7f2c.idx
abr
MD5: 0fe5d0ef9764374a757018c3ff5f5f7b
SHA256: 0f02e0e57b9e9d8efd9a61bf63a01e922797d4102106500578946001e77362dc
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\743d94ab-31db7f2c
java
MD5: ef2fe02a88ae789fd95a09236553b3b4
SHA256: 6d4c964805d30ef216da3779a6aabf28b0672b12b70ec35629fe5ff426526f0b
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\743d94ab-31db7f2c-temp
––
MD5:  ––
SHA256:  ––
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1738982d-27035a25.idx
abr
MD5: c9088eacc391fb6fb0ee5707ee8f3c16
SHA256: f1625caf42a09aec89f680db104e5068ed364f5db84e64ce11d383c4134cec32
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\security\blacklist.cache
binary
MD5: 5fc0ecc5bc586d6cf605f844f162f051
SHA256: 6e2bffbf08081f926fe899a34fa7b0e0f355186583ee067925b8ecb5b4f274c0
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1738982d-27035a25
java
MD5: abade1f625843914119a9046ca508698
SHA256: 971b682ae532d2faf5f8aafdea9a2ecf026c216cc39b0951f53e1ee4059a71d3
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1738982d-27035a25-temp
––
MD5:  ––
SHA256:  ––
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1738982d-27035a25.idx
abr
MD5: 7a2b2a6a7418160b22d307f5bea63383
SHA256: f7118afb02ddeac1d903751e9e0f252ca7bde1b5357ce966c777d471d1e1e50d
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5d22c5c8-57d17d3a.idx
abr
MD5: 7a2b2a6a7418160b22d307f5bea63383
SHA256: f7118afb02ddeac1d903751e9e0f252ca7bde1b5357ce966c777d471d1e1e50d
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\743d94ab-31db7f2c.idx
abr
MD5: 7a2b2a6a7418160b22d307f5bea63383
SHA256: f7118afb02ddeac1d903751e9e0f252ca7bde1b5357ce966c777d471d1e1e50d
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\9fb3a10-75237ca9.idx
abr
MD5: 7a2b2a6a7418160b22d307f5bea63383
SHA256: f7118afb02ddeac1d903751e9e0f252ca7bde1b5357ce966c777d471d1e1e50d
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\202866f-976f7317e19181610bae1c3cef46200993ee8b2a75e30c0a4d3b480160d7cdf6-6.0.lap
text
MD5: 1b81607452e4731bf3aa7ed826587956
SHA256: 83ba6ee1071fba2fbaa02ff1c78a97e5b8604e80ecbf78d95794c1be4380c15d
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\202866f-7e344805.idx
abr
MD5: 4ceb4682aa11cdb3749903c71505b29a
SHA256: d2a4a6c0ad5ce1aa4e29f264e231713f2bc81e5ca07ecc17ef01f08e5076ac84
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\lastAccessed
binary
MD5: 5058f1af8388633f609cadb75a75dc9d
SHA256: cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\202866f-7e344805
xml
MD5: 374c3c4f82e4b9dacdd47ddbeb3f75cc
SHA256: d5e48bec5f07fc3fb83b5ed2d1cc8f0c13ae233980250fe99f0ea8817b7e6b3c
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\202866f-7e344805-temp
––
MD5:  ––
SHA256:  ––
1264
jp2launcher.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\83aa4cc77f591dfc2374580bbd95f6ba_90059c37-1320-41a4-b58d-2b75a9850d2f
dbf
MD5: c8366ae350e7019aefc9d1e6e6a498c6
SHA256: 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
1264
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
text
MD5: 1c9ab3d0fd497261b4576ba1428e5d7c
SHA256: 9b27815802ab4f4a6aba8e6222cf613ec5da36c3a35eb58e503295470ca37acc
1264
jp2launcher.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: 62785420155b833e015113f2c8b22472
SHA256: 70841ebb127a37ffdaeaca6cf0804cb65326fa6a6afa92a04a9040c7595605aa
3672
javaws.exe
C:\Users\admin\AppData\Local\Temp\javaws2
xml
MD5: 374c3c4f82e4b9dacdd47ddbeb3f75cc
SHA256: d5e48bec5f07fc3fb83b5ed2d1cc8f0c13ae233980250fe99f0ea8817b7e6b3c
3304
javaw.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: daa6ca4a858f0a916971946b3d5bc481
SHA256: 74d2b3e3d6b42fca773579d2654f9ebee63c980fe01ce9557b6ba2857cf882da
3304
javaw.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
text
MD5: cb9bc372ec081cd8a321558fb4d0cc72
SHA256: 6c1a933405430bf4da2ee9acf1b263bf615caa5d163709c6764b19dd48f47859
3304
javaw.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: 3756dfbd246f524e87273ac1c3b3d7d0
SHA256: 84179ae11c67bd3947a02b90e6687cc90aeb304b50f74d8890bee027c5c2d1f4
2908
javaw.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: daa6ca4a858f0a916971946b3d5bc481
SHA256: 74d2b3e3d6b42fca773579d2654f9ebee63c980fe01ce9557b6ba2857cf882da
2908
javaw.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
text
MD5: cb9bc372ec081cd8a321558fb4d0cc72
SHA256: 6c1a933405430bf4da2ee9acf1b263bf615caa5d163709c6764b19dd48f47859
2908
javaw.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: 90b588e2d95b4c25ef96a2a62cd7e4b9
SHA256: 07411a27dfdd58e2621c602ded5854ecec9df22bd2e602931416902661134fb9
2584
javaw.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
––
MD5:  ––
SHA256:  ––
2584
javaw.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
text
MD5: 7a18666439f9928fd47deafa456703bb
SHA256: 4baaedcd95120032c78241755a32a991cf583cb599bf7063d308e2341f2e9365
2584
javaw.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: b98cb027ec531d67a9c22dfd15c667df
SHA256: 97126fbc3f89b7c7a75a0a9fd5bc4e794fb5e7e93c1e94c61ce148c023749fc4

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
10
TCP/UDP connections
62
DNS requests
7
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
1264 jp2launcher.exe POST 200 188.121.36.239:80 http://ocsp.godaddy.com/ NL binary der whitelisted
1264 jp2launcher.exe POST 200 188.121.36.239:80 http://ocsp.godaddy.com/ NL binary der whitelisted
1264 jp2launcher.exe POST 200 188.121.36.239:80 http://ocsp.godaddy.com/ NL binary der whitelisted
1264 jp2launcher.exe POST 200 188.121.36.239:80 http://ocsp.godaddy.com/ NL binary der whitelisted
1264 jp2launcher.exe POST 200 188.121.36.239:80 http://ocsp.godaddy.com/ NL binary der whitelisted
1264 jp2launcher.exe POST 200 188.121.36.239:80 http://ocsp.godaddy.com/ NL binary der whitelisted
1264 jp2launcher.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
1264 jp2launcher.exe POST 200 93.184.220.29:80 http://status.geotrust.com/ US binary der whitelisted
1264 jp2launcher.exe POST 200 23.51.123.27:80 http://s2.symcb.com/ NL binary der whitelisted
1264 jp2launcher.exe POST 200 23.37.43.27:80 http://sv.symcd.com/ NL binary der whitelisted

Download the PCAP, analyze network streams, HTTP content and a lot more in the full report

Connections

PID Process IP ASN CN Reputation
1264 jp2launcher.exe 12.23.248.187:8443 AT&T Services, Inc. US unknown
1264 jp2launcher.exe 188.121.36.239:80 GoDaddy.com, LLC NL unknown
–– –– 188.121.36.239:80 GoDaddy.com, LLC NL unknown
1264 jp2launcher.exe 184.31.87.231:443 Akamai International B.V. NL whitelisted
1264 jp2launcher.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
1264 jp2launcher.exe 23.51.123.27:80 Akamai Technologies, Inc. NL whitelisted
1264 jp2launcher.exe 23.37.43.27:80 Akamai Technologies, Inc. NL whitelisted

DNS requests

Domain IP Reputation
remotedeposit.myfirstfarmers.com 12.23.248.187 unknown
ocsp.godaddy.com 188.121.36.239 whitelisted
javadl-esd-secure.oracle.com 184.31.87.231 whitelisted
ocsp.digicert.com 93.184.220.29 whitelisted
status.geotrust.com 93.184.220.29 whitelisted
s2.symcb.com 23.51.123.27 whitelisted
sv.symcd.com 23.37.43.27 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.