General Info Watch the FULL Interactive Analysis at ANY.RUN!

File name

iCapture.jnlp

Verdict
Malicious activity
Analysis date
11/8/2018, 13:53:24
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
text/xml
File info:
XML 1.0 document, ASCII text, with CRLF line terminators
MD5

374c3c4f82e4b9dacdd47ddbeb3f75cc

SHA1

9630d19478a97135e7fd926995837ce75f2aa73d

SHA256

d5e48bec5f07fc3fb83b5ed2d1cc8f0c13ae233980250fe99f0ea8817b7e6b3c

SSDEEP

24:2daMgR4BIpU2p4Fa8jGPAZkLgYUzY4HBEQsR4BoVEsR4BoZom9zvn:caYB4uPBEQDBoyDBoZomJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Creates files in the user directory
  • jp2launcher.exe (PID: 1264)
Application launched itself
  • javaws.exe (PID: 3672)
Connects to unusual port
  • jp2launcher.exe (PID: 1264)
Executes JAVA applets
  • javaws.exe (PID: 3672)
Check for Java to be installed
  • javaws.exe (PID: 3672)

No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.jnlp
|   Java Web Start application descriptor (88.3%)
.xml
|   Generic XML (ASCII) (11.6%)
EXIF
XMP
JnlpSpec:
1.0+
JnlpCodebase:
https://remotedeposit.myfirstfarmers.com:8443/iCapWeb
JnlpHref:
iCapture.jnlp
JnlpInformationTitle:
iCapture Thin Client
JnlpInformationVendor:
SEI 3.2.12.5
JnlpInformationHomepageHref:
http://www.softwareearnings.com
JnlpInformationDescription:
iCapture Thin Client
JnlpInformationDescriptionKind:
short
JnlpInformationOffline-allowed:
null
JnlpSecurityAll-permissions:
null
JnlpResourcesOs:
Windows
JnlpResourcesJ2seVersion:
1.6+
JnlpResourcesJ2seHref:
http://java.sun.com/products/autodl/j2se
JnlpResourcesJarHref:
sThinClient.jar
JnlpResourcesJarMain:
true
JnlpApplication-descMain-class:
com.sei.swing.client.MainFrame
JnlpApplication-descArgument:
remotedeposit.myfirstfarmers.com

Screenshots

Processes

Total processes
36
Monitored processes
6
Malicious processes
2
Suspicious processes
0

Behavior graph

+
start javaws.exe no specs javaw.exe no specs javaw.exe no specs javaw.exe no specs javaws.exe jp2launcher.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3672
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe" "C:\Users\admin\AppData\Local\Temp\iCapture.jnlp"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Web Start Launcher
Version
11.92.2.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaws.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\progra~1\java\jre18~1.0_9\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\duser.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\program files\java\jre1.8.0_92\bin\jp2launcher.exe

PID
2584
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.92.2" "later"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
javaws.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\progra~1\java\jre18~1.0_9\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
2908
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.92.2" "1541681623"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
javaws.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\progra~1\java\jre18~1.0_9\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
3304
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.suppression.11.92.2" "false"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
javaws.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\progra~1\java\jre18~1.0_9\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
3668
CMD
JavaWSSplashScreen -splash 49220 "C:\Program Files\Java\jre1.8.0_92\lib\deploy\splash.gif"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe
Indicators
Parent process
javaws.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Web Start Launcher
Version
11.92.2.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaws.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\program files\java\jre1.8.0_92\bin\splashscreen.dll
c:\windows\system32\cryptbase.dll

PID
1264
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_92" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfOTJcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURqbmxweC5vcmlnRmlsZW5hbWVBcmc9QzpcVXNlcnNcYWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGlDYXB0dXJlLmpubHAALURqbmxweC5yZW1vdmU9dHJ1ZQAtRHN1bi5hd3Qud2FybXVwPXRydWUALVhib290Y2xhc3NwYXRoL2E6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzkyXGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfOTJcbGliXHBsdWdpbi5qYXIALURqbmxweC5zcGxhc2hwb3J0PTQ5MjIyAC1Eam5scHguanZtPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxiaW5camF2YXcuZXhl -ma QzpcVXNlcnNcYWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGphdmF3czI=
Path
C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe
Indicators
Parent process
javaws.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Oracle Corporation
Description
Java(TM) Web Launcher
Version
11.92.2.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\jp2launcher.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\program files\java\jre1.8.0_92\bin\jli.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\vga.dll
c:\progra~1\java\jre18~1.0_9\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\java\jre1.8.0_92\bin\sunec.dll
c:\program files\java\jre1.8.0_92\bin\sunmscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\program files\java\jre1.8.0_92\bin\fontmanager.dll
c:\program files\java\jre1.8.0_92\bin\t2k.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\program files\java\jre1.8.0_92\bin\dcpr.dll
c:\program files\java\jre1.8.0_92\bin\management.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll

Registry activity

Total events
214
Read events
104
Write events
100
Delete events
10

Modification events

PID
Process
Operation
Key
Name
Value
2584
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
2584
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1535457890299
2584
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
2584
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
2584
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
2584
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
2584
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.11.92.2
later
2908
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
2908
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1541681623235
2908
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
2908
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
2908
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.11.92.2
later
2908
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
2908
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
2908
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.timestamp.11.92.2
1541681623
3304
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
3304
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1541681623610
3304
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
3304
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
3304
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.11.92.2
later
3304
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
3304
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.timestamp.11.92.2
1541681623
3304
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
3304
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.suppression.11.92.2
false
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
jp2launcher.exe
1264
jp2launcher.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1541681624000
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.suppression.11.92.2
false
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.11.92.2
later
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.timestamp.11.92.2
1541681623
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1264
jp2launcher.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASAPI32
EnableFileTracing
0
1264
jp2launcher.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASAPI32
EnableConsoleTracing
0
1264
jp2launcher.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASAPI32
FileTracingMask
4294901760
1264
jp2launcher.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASAPI32
ConsoleTracingMask
4294901760
1264
jp2launcher.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASAPI32
MaxFileSize
1048576
1264
jp2launcher.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASAPI32
FileDirectory
%windir%\tracing
1264
jp2launcher.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASMANCS
EnableFileTracing
0
1264
jp2launcher.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASMANCS
EnableConsoleTracing
0
1264
jp2launcher.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASMANCS
FileTracingMask
4294901760
1264
jp2launcher.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASMANCS
ConsoleTracingMask
4294901760
1264
jp2launcher.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASMANCS
MaxFileSize
1048576
1264
jp2launcher.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jp2launcher_RASMANCS
FileDirectory
%windir%\tracing
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.javaws.appicon.index
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\appIcon\appIcon.xml
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.javaws.splash.index
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash\splash.xml
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\Security Baseline
1.4.2
1.4.2_99
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\Security Baseline
1.5.0
1.5.0_99
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\Security Baseline
1.6.0
1.6.0_211
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\Security Baseline
1.7.0
1.7.0_201
1264
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\Security Baseline
1.8.0
1.8.0_191

Files activity

Executable files
10
Suspicious files
4
Text files
30
Unknown types
33

Dropped files

PID Process Filename Type
1264 jp2launcher.exe C:\Users\admin\java0.log text
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5d22c5c8-57d17d3a java
1264 jp2launcher.exe C:\Users\admin\java0.log text
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\update.securitypack.timestamp binary
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties text
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\baseline.versions text
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\blacklist.dynamic text
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs text
1264 jp2launcher.exe C:\Users\admin\java0.log text
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\securitypack.jar compressed
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\202866f-976f7317e19181610bae1c3cef46200993ee8b2a75e30c0a4d3b480160d7cdf6-6.0.lap text
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties text
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\202866f-976f7317e19181610bae1c3cef46200993ee8b2a75e30c0a4d3b480160d7cdf6-6.0.lap text
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\9fb3a10-75237ca9.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties text
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\9fb3a10-75237ca9 java
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\9fb3a10-75237ca9-temp ––
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\6e2ce4ce-234b134b.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\6e2ce4ce-234b134b java
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\6e2ce4ce-234b134b-temp ––
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1a6bcba6-22494f77.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1a6bcba6-22494f77 java
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\5fe2e9cd-1437ae85.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1a6bcba6-22494f77-temp ––
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1a6bcba6-22494f77.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\5fe2e9cd-1437ae85 java
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\5fe2e9cd-1437ae85-temp ––
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\43f3f501-3d75fdfd.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\43f3f501-3d75fdfd java
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\43f3f501-3d75fdfd-temp ––
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4fc79d80-4c2b25b7.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4fc79d80-4c2b25b7 java
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4fc79d80-4c2b25b7-temp ––
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5d22c5c8-57d17d3a.idx abr
1264 jp2launcher.exe C:\Users\admin\java0.log text
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6c1eef9b-7fb257ae.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5d22c5c8-57d17d3a-temp ––
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\6e2ce4ce-234b134b.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6c1eef9b-7fb257ae java
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6c1eef9b-7fb257ae-temp ––
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\743d94ab-31db7f2c.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\743d94ab-31db7f2c java
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\743d94ab-31db7f2c-temp ––
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1738982d-27035a25.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\security\blacklist.cache binary
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1738982d-27035a25 java
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1738982d-27035a25-temp ––
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\743d94ab-31db7f2c.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5d22c5c8-57d17d3a.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1738982d-27035a25.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\9fb3a10-75237ca9.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\202866f-976f7317e19181610bae1c3cef46200993ee8b2a75e30c0a4d3b480160d7cdf6-6.0.lap text
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\202866f-7e344805.idx abr
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\lastAccessed binary
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\202866f-7e344805 xml
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\202866f-7e344805-temp ––
1264 jp2launcher.exe C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\83aa4cc77f591dfc2374580bbd95f6ba_90059c37-1320-41a4-b58d-2b75a9850d2f dbf
1264 jp2launcher.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties text
1264 jp2launcher.exe C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp text
3672 javaws.exe C:\Users\admin\AppData\Local\Temp\javaws2 xml
3304 javaw.exe C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log text
3304 javaw.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties text
3304 javaw.exe C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp text
2908 javaw.exe C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log text
2908 javaw.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties text
2908 javaw.exe C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp text
2584 javaw.exe C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log ––
2584 javaw.exe C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties text
2584 javaw.exe C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp text

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
10
TCP/UDP connections
62
DNS requests
7
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
1264 jp2launcher.exe POST 200 188.121.36.239:80 http://ocsp.godaddy.com/ NL
binary
der
whitelisted
1264 jp2launcher.exe POST 200 188.121.36.239:80 http://ocsp.godaddy.com/ NL
binary
der
whitelisted
1264 jp2launcher.exe POST 200 188.121.36.239:80 http://ocsp.godaddy.com/ NL
binary
der
whitelisted
1264 jp2launcher.exe POST 200 188.121.36.239:80 http://ocsp.godaddy.com/ NL
binary
der
whitelisted
1264 jp2launcher.exe POST 200 188.121.36.239:80 http://ocsp.godaddy.com/ NL
binary
der
whitelisted
1264 jp2launcher.exe POST 200 188.121.36.239:80 http://ocsp.godaddy.com/ NL
binary
der
whitelisted
1264 jp2launcher.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
1264 jp2launcher.exe POST 200 93.184.220.29:80 http://status.geotrust.com/ US
binary
der
whitelisted
1264 jp2launcher.exe POST 200 23.51.123.27:80 http://s2.symcb.com/ NL
binary
der
whitelisted
1264 jp2launcher.exe POST 200 23.37.43.27:80 http://sv.symcd.com/ NL
binary
der
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
1264 jp2launcher.exe 12.23.248.187:8443 AT&T Services, Inc. US unknown
1264 jp2launcher.exe 188.121.36.239:80 GoDaddy.com, LLC NL unknown
–– –– 188.121.36.239:80 GoDaddy.com, LLC NL unknown
1264 jp2launcher.exe 184.31.87.231:443 Akamai International B.V. NL whitelisted
1264 jp2launcher.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
1264 jp2launcher.exe 23.51.123.27:80 Akamai Technologies, Inc. NL whitelisted
1264 jp2launcher.exe 23.37.43.27:80 Akamai Technologies, Inc. NL whitelisted

DNS requests

Domain IP Reputation
remotedeposit.myfirstfarmers.com 12.23.248.187
unknown
ocsp.godaddy.com 188.121.36.239
whitelisted
javadl-esd-secure.oracle.com 184.31.87.231
whitelisted
ocsp.digicert.com 93.184.220.29
whitelisted
status.geotrust.com 93.184.220.29
whitelisted
s2.symcb.com 23.51.123.27
whitelisted
sv.symcd.com 23.37.43.27
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.